CVE-2026-61459
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools (kubectl_get, kubectl_describe, kubectl_delete) that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can inject the –server flag to redirect kubectl commands to an attacker-controlled API server, causing the operator's bearer token to be transmitted externally and enabling full cluster compromise.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Flux159 | mcp-server-kubernetes | 0 < 3.9.0 | affected |
Weaknesses
- CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
References
- https://github.com/Flux159/mcp-server-kubernetes/releases/tag/3.9.0
- https://github.com/Flux159/mcp-server-kubernetes/issues/328
- https://github.com/Flux159/mcp-server-kubernetes/pull/329
- https://github.com/Flux159/mcp-server-kubernetes/commit/d7890f50a4567bf5d9842541ba6f41e180227f9a
- https://www.vulncheck.com/advisories/mcp-server-kubernetes-argument-injection-via-kubectl-structured-tools
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.