243 matches found
CVE-2025-65719
An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page...
EUVD-2025-209796
An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page...
kubectl-mcp-server security vulnerability
kubectl-mcp-server is a tool developed by Rohit Ghumare, an individual developer, for managing Kubernetes clusters using natural language. Version 1.1.1 of kubectl-mcp-server contains a security vulnerability. This vulnerability allows attackers to execute arbitrary code on the victim’s system throu...
PT-2026-40082
An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page...
CVE-2025-65719
Affected software: Open Source Kubectl MCP Server v1.1.1. Issue: A vulnerability allows attackers to execute arbitrary code on a victim system via a crafted HTML page. What is known: Documented across multiple sources (NVD, EUVD, CVE listing) with the same description. No explicit root cause, aff...
OPENSUSE-SU-2026:10754-1 kubectl-cnpg-1.29.1-1.1 on GA media
These are all security issues fixed in the kubectl-cnpg-1.29.1-1.1 package on the GA media of openSUSE Tumbleweed...
RHCOS 4 : OpenShift Container Platform 4.1 openshift (RHSA-2019:3266)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3266 advisory. - kubernetes: kubectl cp allows for arbitrary file write via double symlinks CVE-2019-11251 Note that Nessus has not tested for this issue bu...
RHCOS 3 : OpenShift Container Platform 3.11 atomic-openshift (RHSA-2019:3905)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3905 advisory. - kubernetes: kubectl cp allows for arbitrary file write via double symlinks CVE-2019-11251 - kubernetes: YAML parsing vulnerable to...
RHCOS 3 : OpenShift Container Platform 3.10 atomic-openshift (RHSA-2019:3239)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3239 advisory. - kubernetes: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal CVE-2019-11249 -...
PT-2026-36667
CVE-2026-30412 SentinelCloud, AI-Driven Autonomous DevOps Engineer One closed loop. Five agents. Seven scenarios. Zero hallucinated kubectl. Live demo https://t.co/ocEWNzLf9Z...
runtime-exploit-guard
Container Exec - Python Script Reads attack-vuln-image-mappi...
CVE-2026-39884
mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the portforward tool in src/tools/portforward.ts, where a kubectl command is constructed via string concatenation with user-controlle...
CVE-2026-39884
The CVE-2026-39884 entry concerns mcp-server-kubernetes (Model Context Protocol server for Kubernetes) with a vulnerability in the port_forward tool (src/tools/port_forward.ts). The code builds a kubectl command by string concatenation using user-controlled input and naively splits on spaces befo...
CVE-2026-39884 MCP Server Kubernetes has Argument Injection in its port_forward tool via space-splitting
mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the portforward tool in src/tools/portforward.ts, where a kubectl command is constructed via string concatenation with user-controlle...
MCP Server Kubernetes has an Argument Injection in port_forward tool via space-splitting
Summary: The port_forward tool in mcp-server-kubernetes constructs a kubectl command as a string and splits it on spaces before passing to spawn. Unlike all other tools in the codebase which correctly use execFileSync("kubectl", argsArray), port_forward uses string concatenation with user-controlled...
GHSA-4XQG-GF5C-GHWQ MCP Server Kubernetes has an Argument Injection in port_forward tool via space-splitting
Summary: The port_forward tool in mcp-server-kubernetes constructs a kubectl command as a string and splits it on spaces before passing to spawn. Unlike all other tools in the codebase which correctly use execFileSync("kubectl", argsArray), port_forward uses string concatenation with user-controlled...