2 matches found
CVE-2026-61459
MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools kubectlget, kubectldescribe, kubectldelete that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can...
CVE-2026-61459
Affected software: MCP Server Kubernetes before 3.9.0. Vulnerability: Argument injection in structured tools (kubectl_get, kubectl_describe, kubectl_delete) that bypasses the assertNoDangerousFlags check by using leading dashes for resourceType/name. This allows injection of the --server flag to ...