Lucene search
K

277 matches found

NVD
NVD
added 6 days ago6 views

CVE-2026-61459

MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools kubectlget, kubectldescribe, kubectldelete that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can...

9.8CVSS0.00421EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-61459 MCP Server Kubernetes < 3.9.0 Argument Injection via kubectl Structured Tools

MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools kubectlget, kubectldescribe, kubectldelete that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can...

9.8CVSS0.00421EPSS
Exploits0References5
CVE
CVE
added 6 days ago22 views

CVE-2026-61459

Affected software: MCP Server Kubernetes before 3.9.0. Vulnerability: Argument injection in structured tools (kubectl_get, kubectl_describe, kubectl_delete) that bypasses the assertNoDangerousFlags check by using leading dashes for resourceType/name. This allows injection of the --server flag to ...

9.8CVSS6.1AI score0.00421EPSS
Exploits0References5
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42987

MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools kubectlget, kubectldescribe, kubectldelete that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can...

9.8CVSS6.1AI score0.00421EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-57272

Name of the Vulnerable Software and Affected Versions MCP Server Kubernetes versions prior to 3.9.0 Description An argument injection issue exists in the structured tools kubectl get, kubectl describe, and kubectl delete. Improper input validation and argument parsing allow the resourceType and...

9.8CVSS6.1AI score0.00421EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2026/07/01 6:10 p.m.6 views

CVE-2026-53489

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. This issue h...

8.2CVSS5.9AI score0.00208EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/01 6:10 p.m.52 views

CVE-2026-53489

CVE-2026-53489 affects containerd CRI: when checkpoint restore occurs, the CRI plugin may read a host file by following a symlink for container.log. Vulnerable versions are prior to 2.3.2, 2.2.5 and 2.1.9. Impact described as arbitrary host file read via kubectl logs, with LOCAL attack potential ...

8.2CVSS5.9AI score0.00208EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/07/01 12:0 a.m.4 views

OPENSUSE-SU-2026:11167-1 kubectl-cnpg-1.29.2-1.1 on GA media

These are all security issues fixed in the kubectl-cnpg-1.29.2-1.1 package on the GA media of openSUSE Tumbleweed...

8.8CVSS6.9AI score0.14142EPSS
Exploits1References3
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-371 Open Source Kubectl MCP Server vulnerable to arbitrary code execution via user interaction with crafted HTML page

An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page...

9.8CVSS6.2AI score0.00578EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-409 mcp-kubernetes-server has an OS Command Injection vulnerability

feiskyer/mcp-kubernetes-server through 0.1.11 allows OS command injection via the /mcp/kubectl endpoint. The handler constructs a shell command with user-supplied arguments and executes it with subprocess using shell=True, enabling injection through shell metacharacters e.g., ;, &&, $, even when...

9.8CVSS6.1AI score0.01224EPSS
Exploits0References7
Fedora
Fedora
added 2026/06/21 1:11 a.m.7 views

[SECURITY] Fedora 43 Update: kubernetes1.33-1.33.13-1.fc43

Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machin...

8.7CVSS5.7AI score0.00656EPSS
Exploits0
Fedora
Fedora
added 2026/06/21 1:1 a.m.5 views

[SECURITY] Fedora 44 Update: kubernetes1.35-1.35.6-1.fc44

Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machin...

8.7CVSS5.7AI score0.00656EPSS
Exploits0
Fedora
Fedora
added 2026/06/21 1:1 a.m.6 views

[SECURITY] Fedora 44 Update: kubernetes1.33-1.33.13-1.fc44

Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machin...

8.7CVSS5.7AI score0.00656EPSS
Exploits0
Snyk
Snyk
added 2026/06/19 7:35 p.m.6 views

UNIX Symbolic Link (Symlink) Following

Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following in the CRI checkpoint restore plugin due to improper validation of symlinked paths. An attacker can access arbitrary files on the host by crafting a malicious checkpoint image and leveraging the...

8.2CVSS6AI score0.00208EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.26 views

PT-2026-51057

Name of the Vulnerable Software and Affected Versions containerd versions prior to 2.1.9 containerd versions prior to 2.2.5 containerd versions prior to 2.3.2 Description A bug in the CRI plugin allows the restoration of container.log from a checkpoint image without validating a symlinked path...

9.9CVSS6AI score0.00412EPSS
Exploits0References42
NVD
NVD
added 2026/06/11 7:16 p.m.11 views

CVE-2026-47250

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectlgeneric tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes...

6.1CVSS0.00267EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/11 6:35 p.m.35 views

CVE-2026-47250 mcp-server-kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectlgeneric tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes...

6.1CVSS0.00267EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 6:35 p.m.14 views

CVE-2026-47250 mcp-server-kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectlgeneric tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes...

6.1CVSS5.3AI score0.00267EPSS
Exploits0References2
CVE
CVE
added 2026/06/11 6:35 p.m.24 views

CVE-2026-47250

CVE-2026-47250 concerns mcp-server-kubernetes, where the kubectl_generic tool exposes a flag-injection vulnerability due to passing user-supplied flags directly to kubectl without an allowlist. This can enable a privilege-escalation path in Kubernetes environments: an attacker with limited access...

6.1CVSS5.3AI score0.00267EPSS
Exploits0References2
OSV
OSV
added 2026/06/11 6:35 p.m.3 views

CVE-2026-47250 mcp-server-kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectlgeneric tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes...

6.1CVSS5.9AI score0.00267EPSS
Exploits0References4
Rows per page
Query Builder