CVE-2026-47250 mcp-server-kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectlgeneric tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes...

CVE-2026-47250 mcp-server-kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectlgeneric tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes...

Malicious code in 0x2ai-demo6 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f4a43a40af9e707d98ed55406b0ff32dccaad352fccf5d1eaaca41b9959d924 On npm install, scripts/postinstall.cjs writes .mcp.json into the installer's working directory INITCWD wiring Claude Code to a packaged MCP server...

Malicious code in 0x2ai-demo3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a36d5f023e4740169d1e1e7a56ebe32552cfdc4a05bf50ecc0b648ecea502c0d On npm install, scripts/postinstall.cjs copies the entire payload/ tree into process.env.INITCWD the directory the developer ran the install from usi...

MAL-2026-5588 Malicious code in 0x2ai-demo10x (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c4c4b3e66489f3a4383df5e62540498343c5ab3a5ce145df5733b2820efc71b On npm install, scripts/postinstall.cjs runs fs.cpSyncpayload, process.env.INITCWD, recursive: true , copying.mcp.json,...

Malicious code in 0x2ai-demo7x (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7e956073a7db6057e4d42af462dba0299152ca992c113d74c715e90574d0efb On npm install, scripts/postinstall.cjs copies the package's payload/ tree into the installer's project root process.env.INITCWD, placing...

Malicious code in 0x2ai-demo9x (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e796c3398589b92ecd70f45bc41128101313dd07adeb0634199ac3fef59d19d On npm install, scripts/postinstall.cjs copies the package's payload/ tree into the installer's project root process.env.INITCWD without consent,...

OpenTelemetry Operator for Kubernetes's ServiceMonitor bearerTokenFile reads arbitrary local file and sends contents as bearer auth

Affected Repository: github.com/open-telemetry/opentelemetry-operator Component: cmd/otel-allocator TargetAllocator Companion: Prometheus Operator API types CRDs Summary OpenTelemetry Operator's TargetAllocator watches ServiceMonitor resources via the Prometheus Operator CR watcher and converts...

GHSA-CXH2-4639-VMC5 OpenTelemetry Operator for Kubernetes's ServiceMonitor bearerTokenFile reads arbitrary local file and sends contents as bearer auth

Affected Repository: github.com/open-telemetry/opentelemetry-operator Component: cmd/otel-allocator TargetAllocator Companion: Prometheus Operator API types CRDs Summary OpenTelemetry Operator's TargetAllocator watches ServiceMonitor resources via the Prometheus Operator CR watcher and converts...

nebula-mesh: API endpoints lack ownership checks, enabling cross-operator privilege escalation

The /api/v1/ route surface trusts the bearer token alone for authorisation on most endpoints. The codebase itself admits this at internal/api/hosts.go:384: "API trusts the bearer token for authorisation; per-CA ownership is enforced only in the Web layer." The Web UI gates state-changing routes...

GHSA-598G-H2VC-H5VG nebula-mesh: API endpoints lack ownership checks, enabling cross-operator privilege escalation

The /api/v1/ route surface trusts the bearer token alone for authorisation on most endpoints. The codebase itself admits this at internal/api/hosts.go:384: "API trusts the bearer token for authorisation; per-CA ownership is enforced only in the Web layer." The Web UI gates state-changing routes...

PT-2026-47621

Name of the Vulnerable Software and Affected Versions Nebula-Mesh versions prior to 0.3.4 Description An authorization gap in the /api/v1/ route surface allows non-admin operators to obtain broad cross-tenant access. The API trusts the bearer token for authorization without enforcing ownership...

PT-2026-47550

The /api/v1/ route surface trusts the bearer token alone for authorisation on most endpoints. The codebase itself admits this at internal/api/hosts.go:384: "API trusts the bearer token for authorisation; per-CA ownership is enforced only in the Web layer." The Web UI gates state-changing routes...

EulerOS Virtualization 2.13.0 : curl (EulerOS-SA-2026-2161)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : When doing multi-threaded LDAPS transfers LDAP over TLS with libcurl,changing TLS options in one thread would inadvertently change th...

CVE-2026-47356

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via the webhookurl parameter in the file scan endpoint POST /v1/iac/iacVersion/cloud/local/file/scan when running in server mode. An unauthenticated remote attacker can supply an arbitrary URL as the webhookurl multipa...

CVE-2026-6720

When calicoctl is invoked with --log-level=info or --log-level=debug, the client prints the full contents of its loaded connection-configuration struct to stderr in a single log line. The struct embeds every credential calicoctl uses to talk to the cluster — inline kubeconfig with bearer token,...

CVE-2026-40520

FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess function where GraphQL mutation input fields are passed directly to shellexec without sanitization or escaping. An authenticated user with a valid bearer token can send a GraphQL...

CVE-2026-44320

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-callback route group without inbound OAuth2/bearer-token authorization. A forged or arbitrary bearer token e.g. Authorization: Bearer not-a-real-token is enough to reach the SMF-callback...

Arbitrary Argument Injection

Overview mcp-server-kubernetes is a MCP server for interacting with Kubernetes clusters via kubectl Affected versions of this package are vulnerable to Arbitrary Argument Injection via the kubectlgeneric tool. An attacker can obtain sensitive authentication tokens by injecting malicious flags in ...

MCP Server Kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration

Summary The kubectlgeneric tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes environments. An attacker who already has limited cluster or codebase access, for example, a developer with...