277 matches found
RHCOS 3 : OpenShift Container Platform 3.11 atomic-openshift (RHSA-2019:3905)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3905 advisory. - kubernetes: kubectl cp allows for arbitrary file write via double symlinks CVE-2019-11251 - kubernetes: YAML parsing vulnerable to...
RHCOS 4 : OpenShift Container Platform 4.1 openshift (RHSA-2019:3266)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3266 advisory. - kubernetes: kubectl cp allows for arbitrary file write via double symlinks CVE-2019-11251 Note that Nessus has not tested for this issue bu...
RHCOS 3 : OpenShift Container Platform 3.10 atomic-openshift (RHSA-2019:3239)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3239 advisory. - kubernetes: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal CVE-2019-11249 -...
PT-2026-36667
CVE-2026-30412 SentinelCloud, AI-Driven Autonomous DevOps Engineer One closed loop. Five agents. Seven scenarios. Zero hallucinated kubectl. Live demo https://t.co/ocEWNzLf9Z...
runtime-exploit-guard
Container Exec - Python Script Reads attack-vuln-image-mappi...
CVE-2026-39884
mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the portforward tool in src/tools/portforward.ts, where a kubectl command is constructed via string concatenation with user-controlle...
CVE-2026-39884 MCP Server Kubernetes has Argument Injection in its port_forward tool via space-splitting
mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the portforward tool in src/tools/portforward.ts, where a kubectl command is constructed via string concatenation with user-controlle...
CVE-2026-39884
mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the portforward tool in src/tools/portforward.ts, where a kubectl command is constructed via string concatenation with user-controlle...
CVE-2026-39884
The CVE-2026-39884 entry concerns mcp-server-kubernetes (Model Context Protocol server for Kubernetes) with a vulnerability in the port_forward tool (src/tools/port_forward.ts). The code builds a kubectl command by string concatenation using user-controlled input and naively splits on spaces befo...
CVE-2026-39884 MCP Server Kubernetes has Argument Injection in its port_forward tool via space-splitting
mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the portforward tool in src/tools/portforward.ts, where a kubectl command is constructed via string concatenation with user-controlle...
MCP Server Kubernetes has an Argument Injection in port_forward tool via space-splitting
Summary The portforward tool in mcp-server-kubernetes constructs a kubectl command as a string and splits it on spaces before passing to spawn. Unlike all other tools in the codebase which correctly use execFileSync"kubectl", argsArray, portforward uses string concatenation with user-controlled...
GHSA-4XQG-GF5C-GHWQ MCP Server Kubernetes has an Argument Injection in port_forward tool via space-splitting
Summary The portforward tool in mcp-server-kubernetes constructs a kubectl command as a string and splits it on spaces before passing to spawn. Unlike all other tools in the codebase which correctly use execFileSync"kubectl", argsArray, portforward uses string concatenation with user-controlled...
PT-2026-32965
Name of the Vulnerable Software and Affected Versions mcp-server-kubernetes versions prior to 3.5.0 Description An argument injection issue exists in the port forward tool within the startPortForward function located in src/tools/port forward.ts. The tool constructs a kubectl command using string...
GHSA-GJVH-7JH8-7XHM vulnerabilities
Vulnerabilities for packages: otel-cli, kubernetes-dashboard-metrics-scraper, nri-mssql, aws-ebs-csi-driver, crossplane-provider-kubernetes-fips, langfuse, nfpm, flux-operator-fips, kubernetes-csi-livenessprobe, kube-conformance, spark-operator, chartmuseum, kyverno-policy-reporter-fips,...
CVE-2025-69902
A command injection vulnerability in the minimalwrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters...
Arbitrary Command Injection
Overview kubectl-mcp-tool is an Alias package for kubectl-mcp-server use kubectl-mcp-server instead Affected versions of this package are vulnerable to Arbitrary Command Injection via the runkubectlcommand function in the minimalwrapper.py component. An attacker can execute arbitrary system...
EUVD-2025-208773
A command injection vulnerability in the minimalwrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters...
CVE-2025-69902
A command injection vulnerability in the minimalwrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters...
CVE-2025-69902
A command injection vulnerability in the minimalwrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters...
PT-2026-25814
🔴 CVE-2025-69902 - Critical A command injection vulnerability in the minimal wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharact... https://t.co/PU0OcLfG2G https://t.co/y3eBStKQr5...