CVE-2026-61459

Summary

MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools (kubectl_get, kubectl_describe, kubectl_delete) that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can inject the –server flag to redirect kubectl commands to an attacker-controlled API server, causing the operator's bearer token to be transmitted externally and enabling full cluster compromise.

Affected Software

VendorProductVersion RangeStatus
Flux159mcp-server-kubernetes0 < 3.9.0affected

Weaknesses

  • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

References