Lucene search
K

277 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.9 views

RHCOS 3 : OpenShift Container Platform 3.11 atomic-openshift (RHSA-2019:3905)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3905 advisory. - kubernetes: kubectl cp allows for arbitrary file write via double symlinks CVE-2019-11251 - kubernetes: YAML parsing vulnerable to...

7.5CVSS6.8AI score0.25939EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.8 views

RHCOS 4 : OpenShift Container Platform 4.1 openshift (RHSA-2019:3266)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3266 advisory. - kubernetes: kubectl cp allows for arbitrary file write via double symlinks CVE-2019-11251 Note that Nessus has not tested for this issue bu...

5.7CVSS6.8AI score0.0262EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.9 views

RHCOS 3 : OpenShift Container Platform 3.10 atomic-openshift (RHSA-2019:3239)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3239 advisory. - kubernetes: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal CVE-2019-11249 -...

7.5CVSS7.3AI score0.25939EPSS
Exploits4References8
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.9 views

PT-2026-36667

CVE-2026-30412 SentinelCloud, AI-Driven Autonomous DevOps Engineer One closed loop. Five agents. Seven scenarios. Zero hallucinated kubectl. Live demo https://t.co/ocEWNzLf9Z...

5.8AI score
Exploits0References1
GithubExploit
GithubExploit
added 2026/04/17 10:38 a.m.155 views

runtime-exploit-guard

Container Exec - Python Script Reads attack-vuln-image-mappi...

10CVSS7.5AI score0.96184EPSS
Exploits44
NVD
NVD
added 2026/04/15 4:17 a.m.8 views

CVE-2026-39884

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the portforward tool in src/tools/portforward.ts, where a kubectl command is constructed via string concatenation with user-controlle...

8.3CVSS0.00258EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/14 11:25 p.m.27 views

CVE-2026-39884 MCP Server Kubernetes has Argument Injection in its port_forward tool via space-splitting

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the portforward tool in src/tools/portforward.ts, where a kubectl command is constructed via string concatenation with user-controlle...

8.3CVSS0.00258EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/14 11:25 p.m.4 views

CVE-2026-39884

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the portforward tool in src/tools/portforward.ts, where a kubectl command is constructed via string concatenation with user-controlle...

8.3CVSS5.9AI score0.00258EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/14 11:25 p.m.26 views

CVE-2026-39884

The CVE-2026-39884 entry concerns mcp-server-kubernetes (Model Context Protocol server for Kubernetes) with a vulnerability in the port_forward tool (src/tools/port_forward.ts). The code builds a kubectl command by string concatenation using user-controlled input and naively splits on spaces befo...

8.3CVSS5.9AI score0.00258EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/14 11:25 p.m.3 views

CVE-2026-39884 MCP Server Kubernetes has Argument Injection in its port_forward tool via space-splitting

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the portforward tool in src/tools/portforward.ts, where a kubectl command is constructed via string concatenation with user-controlle...

8.3CVSS6AI score0.00258EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/14 10:32 p.m.12 views

MCP Server Kubernetes has an Argument Injection in port_forward tool via space-splitting

Summary The portforward tool in mcp-server-kubernetes constructs a kubectl command as a string and splits it on spaces before passing to spawn. Unlike all other tools in the codebase which correctly use execFileSync"kubectl", argsArray, portforward uses string concatenation with user-controlled...

8.3CVSS5.9AI score0.00258EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/14 10:32 p.m.5 views

GHSA-4XQG-GF5C-GHWQ MCP Server Kubernetes has an Argument Injection in port_forward tool via space-splitting

Summary The portforward tool in mcp-server-kubernetes constructs a kubectl command as a string and splits it on spaces before passing to spawn. Unlike all other tools in the codebase which correctly use execFileSync"kubectl", argsArray, portforward uses string concatenation with user-controlled...

8.3CVSS5.9AI score0.00258EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.9 views

PT-2026-32965

Name of the Vulnerable Software and Affected Versions mcp-server-kubernetes versions prior to 3.5.0 Description An argument injection issue exists in the port forward tool within the startPortForward function located in src/tools/port forward.ts. The tool constructs a kubectl command using string...

8.3CVSS5.4AI score0.00258EPSS
Exploits0References8
Chainguard
Chainguard
added 2026/04/11 2:18 a.m.5 views

GHSA-GJVH-7JH8-7XHM vulnerabilities

Vulnerabilities for packages: otel-cli, kubernetes-dashboard-metrics-scraper, nri-mssql, aws-ebs-csi-driver, crossplane-provider-kubernetes-fips, langfuse, nfpm, flux-operator-fips, kubernetes-csi-livenessprobe, kube-conformance, spark-operator, chartmuseum, kyverno-policy-reporter-fips,...

6.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 3:19 p.m.6 views

CVE-2025-69902

A command injection vulnerability in the minimalwrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters...

9.8CVSS6.1AI score0.02057EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/16 10:46 p.m.3 views

Arbitrary Command Injection

Overview kubectl-mcp-tool is an Alias package for kubectl-mcp-server use kubectl-mcp-server instead Affected versions of this package are vulnerable to Arbitrary Command Injection via the runkubectlcommand function in the minimalwrapper.py component. An attacker can execute arbitrary system...

9.8CVSS6.1AI score0.02057EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/16 9:34 p.m.5 views

EUVD-2025-208773

A command injection vulnerability in the minimalwrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters...

6.1AI score0.02057EPSS
Exploits0References5
NVD
NVD
added 2026/03/16 9:16 p.m.6 views

CVE-2025-69902

A command injection vulnerability in the minimalwrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters...

9.8CVSS0.02057EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/16 12:0 a.m.3 views

CVE-2025-69902

A command injection vulnerability in the minimalwrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters...

6.1AI score0.02057EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.7 views

PT-2026-25814

🔴 CVE-2025-69902 - Critical A command injection vulnerability in the minimal wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharact... https://t.co/PU0OcLfG2G https://t.co/y3eBStKQr5...

9.8CVSS6.1AI score0.02057EPSS
Exploits0References8
Rows per page
Query Builder