265 matches found

CVE
added 2 days ago, 26 views

CVE-2026-53489

CVE-2026-53489 affects containerd CRI: when checkpoint restore occurs, the CRI plugin may read a host file by following a symlink for container.log. Vulnerable versions are prior to 2.3.2, 2.2.5 and 2.1.9. Impact described as arbitrary host file read via kubectl logs, with LOCAL attack potential ...

CVSS 8.2 | AI score 5.9 | EPSS 0.00245
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 4 days ago, 4 views

PYSEC-2026-371 Open Source Kubectl MCP Server vulnerable to arbitrary code execution via user interaction with crafted HTML page

An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page...

CVSS 9.8 | AI score 6.2 | EPSS 0.00578
Exploits: 0 | References: 6
OSV
added 4 days ago, 6 views

PYSEC-2026-409 mcp-kubernetes-server has an OS Command Injection vulnerability

feiskyer/mcp-kubernetes-server through 0.1.11 allows OS command injection via the /mcp/kubectl endpoint. The handler constructs a shell command with user-supplied arguments and executes it with subprocess using shell=True, enabling injection through shell metacharacters (e.g., ;, &&, $), even when...

CVSS 9.8 | AI score 6.1 | EPSS 0.01224
Exploits: 0 | References: 7
Snyk
added 2026/06/19 7:35 p.m., 5 views

UNIX Symbolic Link (Symlink) Following

Overview: Affected versions of this package are vulnerable to UNIX Symbolic Link (Symlink) Following in the CRI checkpoint restore plugin due to improper validation of symlinked paths. An attacker can access arbitrary files on the host by crafting a malicious checkpoint image and leveraging the...

CVSS 8.2 | AI score 6 | EPSS 0.00245
Exploits: 0 | References: 2
Positive Technologies
added 2026/06/19 12:0 a.m., 12 views

PT-2026-51057

Name of the Vulnerable Software and Affected Versions: containerd versions prior to 2.1.9; containerd versions prior to 2.2.5; containerd versions prior to 2.3.2. Description: A bug in the CRI plugin allows the restoration of container.log from a checkpoint image without validating a symlinked path...

CVSS 9.4 | AI score 6 | EPSS 0.00316
Exploits: 0 | References: 38
NVD
added 2026/06/11 7:16 p.m., 8 views

CVE-2026-47250

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectl_generic tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes...

CVSS 6.1 | EPSS 0.00267
Exploits: 0 | References: 2
CVE
added 2026/06/11 6:35 p.m., 19 views

CVE-2026-47250

CVE-2026-47250 concerns mcp-server-kubernetes, where the kubectl_generic tool exposes a flag-injection vulnerability due to passing user-supplied flags directly to kubectl without an allowlist. This can enable a privilege-escalation path in Kubernetes environments: an attacker with limited access...

CVSS 6.1 | AI score 5.3 | EPSS 0.00267
Exploits: 0 | References: 2
Vulnrichment
added 2026/06/11 6:35 p.m., 10 views

CVE-2026-47250 mcp-server-kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectl_generic tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes...

CVSS 6.1 | AI score 5.3 | EPSS 0.00267
Exploits: 0 | References: 2
Cvelist
added 2026/06/11 6:35 p.m., 30 views

CVE-2026-47250 mcp-server-kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectl_generic tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes...

CVSS 6.1 | EPSS 0.00267
Exploits: 0 | References: 2
CNNVD
added 2026/06/11 12:0 a.m., 15 views

MCP Server Kubernetes parameter injection vulnerability

MCP Server Kubernetes is an MCP server for Kubernetes management, developed by Suyog Sonwalkar. Versions of MCP Server Kubernetes prior to 3.7.0 contained a parameter injection vulnerability. This vulnerability stemmed from the kubectl generic tool not performing a whitelist check on the tokens...

CVSS 6.1 | AI score 5.4 | EPSS 0.00267
Exploits: 0 | References: 1
Cvelist
added 2026/06/10 5:34 p.m., 29 views

CVE-2026-50569 Fission: HTTPTrigger admission omits RelativeURL / Prefix validation; kubectl apply bypasses CLI checks

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, HTTPTriggerSpec.Validate validated Methods, FunctionReference, Host, IngressConfig, and CorsConfig, but silently skipped RelativeU...

CVSS 4.3 | EPSS 0.00227
Exploits: 0 | References: 3
CVE
added 2026/06/10 5:34 p.m., 23 views

CVE-2026-50569

The CVE concerns Fission (Kubernetes-native serverless framework). Before version 1.25.0, HTTPTriggerSpec.Validate() checked Methods, FunctionReference, Host, IngressConfig, and CorsConfig but silently skipped RelativeURL and Prefix; these fields were only validated at the CLI. As a result, an HT...

CVSS 4.3 | AI score 5.4 | EPSS 0.00227
Exploits: 0 | References: 3
EUVD
added 2026/06/10 5:34 p.m., 12 views

EUVD-2026-36073

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, HTTPTriggerSpec.Validate validated Methods, FunctionReference, Host, IngressConfig, and CorsConfig, but silently skipped RelativeU...

CVSS 4.3 | AI score 5.4 | EPSS 0.00227
Exploits: 0 | References: 3
CNNVD
added 2026/06/10 12:0 a.m., 13 views

Fission input validation error vulnerability

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.25.0 contained an input validation vulnerability. This vulnerability stemmed from the HTTPTriggerSpec.Validate method, which ignored the RelativeURL and Prefix fields during validation. As a...

CVSS 4.3 | AI score 5.3 | EPSS 0.00227
Exploits: 0 | References: 1
RedhatCVE
added 2026/06/05 7:12 p.m., 8 views

CVE-2026-39884

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the portforward tool in src/tools/portforward.ts, where a kubectl command is constructed via string concatenation with user-controlle...

CVSS 8.3 | AI score 5.5 | EPSS 0.00258
Exploits: 0 | References: 1
Github Security Blog
added 2026/06/05 3:40 p.m., 14 views

MCP Server Kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration

Summary: The kubectl_generic tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes environments. An attacker who already has limited cluster or codebase access, for example, a developer with...

CVSS 6.1 | AI score 5.5 | EPSS 0.00267
Exploits: 0 | References: 4 | Affected Software: 1
Snyk
added 2026/06/05 3:40 p.m., 7 views

Arbitrary Argument Injection

Overview: mcp-server-kubernetes is an MCP server for interacting with Kubernetes clusters via kubectl. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the kubectl_generic tool. An attacker can obtain sensitive authentication tokens by injecting malicious flags in ...

CVSS 8.7 | AI score 5.5 | EPSS 0.00267
Exploits: 0 | References: 2
OSV
added 2026/06/05 3:40 p.m., 9 views

GHSA-6MX4-4H42-R8VH MCP Server Kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration

Summary: The kubectl_generic tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes environments. An attacker who already has limited cluster or codebase access, for example, a developer with...

CVSS 6.1 | AI score 5.5 | EPSS 0.00267
Exploits: 0 | References: 4
Positive Technologies
added 2026/06/05 12:0 a.m., 20 views

PT-2026-46991

Name of the Vulnerable Software and Affected Versions: mcp-server-kubernetes versions prior to 3.7.0. Description: The kubectl generic tool in mcp-server-kubernetes passes user-supplied flags and arguments directly to kubectl without an allowlist, enabling a privilege escalation attack. An attacker...

CVSS 6.1 | AI score 5.5 | EPSS 0.00267
Exploits: 0 | References: 5
RedhatCVE
added 2026/05/13 8:21 p.m., 8 views

CVE-2025-65719

An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page...

CVSS 9.8 | AI score 6.2 | EPSS 0.00578
Exploits: 0 | References: 1