Lucene search
+L

4 matches found

Cvelist
Cvelist
added last week34 views

CVE-2026-61459 MCP Server Kubernetes < 3.9.0 Argument Injection via kubectl Structured Tools

MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools kubectlget, kubectldescribe, kubectldelete that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can...

9.8CVSS0.00421EPSS
Exploits1References5
OSV
OSV
added 2026/07/09 6:14 p.m.1 views

SUSE-SU-2026:2823-1 Security update for helm

This update for helm fixes the following issues - Update to version 3.21.2 - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation bsc1266598. - CVE-2026-48978: oras.land/oras-go/v2/registry/remote/auth:...

9.6CVSS6.5AI score0.00478EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/11 6:35 p.m.17 views

CVE-2026-47250 mcp-server-kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectlgeneric tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes...

6.1CVSS5.3AI score0.00267EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/05 3:40 p.m.15 views

MCP Server Kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration

Summary The kubectlgeneric tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes environments. An attacker who already has limited cluster or codebase access, for example, a developer with...

6.1CVSS5.5AI score0.00267EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder