Description
Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute arbitrary SQL queries via a crafted table_name value that is interpolated into SQL statements in identifier position.



To remediate this issue, users should upgrade to version 1.0.13 or later.
Published: 2026-07-06
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An authenticated SQL injection vulnerability exists in the metrics-service retention policy management component of Amazon MCP Gateway & Registry. The flaw arises from improper neutralization of special elements in a crafted table_name parameter that is interpolated directly into SQL statements, allowing an authenticated remote user to construct arbitrary SQL queries. This can lead to unauthorized data access, modification, or deletion, compromising confidentiality, integrity, and availability of the system.

Affected Systems

Affected products include Amazon MCP Gateway & Registry on AWS, with versions prior to 1.0.13 susceptible to the issue. The specific vulnerable component is the retention policy subsystem within the metrics-service. No other versions are noted as impacted.

Risk and Exploitability

The CVSS score of 8.6 reflects high severity, and the EPSS score of < 1% indicates a very low probability of exploitation. The vulnerability is not listed in CISA KEV, suggesting it has not yet been widely exploited. The attack vector is inferred to be authenticated remote, as the flaw requires valid user credentials to manipulate the table_name parameter. Exploitation would require the attacker to submit a specially crafted request to the service, making it a moderate effort but with potentially significant consequences.

Generated by OpenCVE AI on July 8, 2026 at 05:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to version 1.0.13 or later of Amazon MCP Gateway & Registry.
  • Restrict access to the metrics-service and retention policy API to the minimum necessary users; remove any extraneous authentication privileges.
  • Implement input validation to reject or sanitize table_name values that contain special characters; consider applying parameterized queries if custom code is used.

Generated by OpenCVE AI on July 8, 2026 at 05:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Jul 2026 06:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 06 Jul 2026 21:15:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute arbitrary SQL queries via a crafted table_name value that is interpolated into SQL statements in identifier position. To remediate this issue, users should upgrade to version 1.0.13 or later.
Title Authenticated SQL injection in the metrics-service retention policy subsystem of mcp-gateway-registry
First Time appeared Aws
Aws mcp Gateway Registry
Weaknesses CWE-89
CPEs cpe:2.3:a:aws:mcp_gateway_registry:*:*:*:*:*:*:*:*
Vendors & Products Aws
Aws mcp Gateway Registry
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

Aws Mcp Gateway Registry
cve-icon MITRE

Status: PUBLISHED

Assigner: AMZN

Published:

Updated: 2026-07-07T13:45:02.810Z

Reserved: 2026-07-02T14:25:46.661Z

Link: CVE-2026-14471

cve-icon Vulnrichment

Updated: 2026-07-07T13:44:58.307Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-08T05:15:03Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')