11 matches found

Veracode
added 2025/12/13 7:20 a.m. (4 views)

Command Injection

mcp-kubernetes-server is vulnerable to Command Injection. The vulnerability is due to the use of shell=True in the /mcp/kubectl endpoint, which allows an attacker to inject and execute arbitrary operating system commands...

CVSS 9.8 | AI score 6 | EPSS 0.00048
Exploits 0 | References 5 | Affected Software 1
Veracode
added 2025/10/29 7:34 a.m. (4 views)

Improper Command Restriction

mcp-kubernetes-server is vulnerable to improper command restriction. The vulnerability is due to incomplete validation of chained commands in the implementation of --disable-write and --disable-delete, which allows an attacker to bypass restrictions and execute unauthorized write or delete...

CVSS 5.3 | AI score 7.5 | EPSS 0.00011
Exploits 0 | References 4 | Affected Software 1
RedhatCVE
added 2025/09/17 12:49 a.m. (7 views)

CVE-2025-59377

feiskyer mcp-kubernetes-server through 0.1.11 allows OS command injection, even in read-only mode, via /mcp/kubectl because shell=True is used. NOTE: this is unrelated to mcp-server-kubernetes and CVE-2025-53355...

CVSS 9.8 | AI score 7.1 | EPSS 0.00148
Exploits 0 | References 1
RedhatCVE
added 2025/09/17 12:49 a.m. (7 views)

CVE-2025-59376

feiskyer mcp-kubernetes-server through 0.1.11 does not consider chained commands in the implementation of --disable-write and --disable-delete, e.g., it allows a "kubectl version; kubectl delete pod" command because the first word, i.e., "version", is not a write or delete operation...

CVSS 5.3 | AI score 7.2 | EPSS 0.00011
Exploits 0 | References 1
Snyk
added 2025/09/15 3:31 p.m. (3 views)

Arbitrary Command Injection

Overview: The mcp-kubernetes-server is a Model Context Protocol (MCP) server that enables AI assistants to interact with Kubernetes clusters. It serves as a bridge between AI tools like Claude, Cursor, and GitHub Copilot and Kubernetes, translating natural language request...

CVSS 6.3 | AI score 7.3 | EPSS 0.00011
Exploits 0 | References 2
Github Security Blog
added 2025/09/15 3:31 p.m. (9 views)

mcp-kubernetes-server has an OS Command Injection vulnerability

feiskyer/mcp-kubernetes-server through 0.1.11 allows OS command injection via the /mcp/kubectl endpoint. The handler constructs a shell command with user-supplied arguments and executes it with subprocess using shell=True, enabling injection through shell metacharacters (e.g., ";", "&&", "$"), even when...

CVSS 9.8 | AI score 7.8 | EPSS 0.00048
Exploits 0 | References 5 | Affected Software 1
OSV
added 2025/09/15 3:31 p.m. (1 view)

GHSA-4HQQ-7Q79-932P mcp-kubernetes-server has an OS Command Injection vulnerability

feiskyer/mcp-kubernetes-server through 0.1.11 allows OS command injection via the /mcp/kubectl endpoint. The handler constructs a shell command with user-supplied arguments and executes it with subprocess using shell=True, enabling injection through shell metacharacters (e.g., ";", "&&", "$"), even when...

CVSS 9.8 | AI score 7.8 | EPSS 0.00048
Exploits 0 | References 5
OSV
added 2025/09/15 2:15 p.m. (2 views)

CVE-2025-59377

feiskyer mcp-kubernetes-server through 0.1.11 allows OS command injection, even in read-only mode, via /mcp/kubectl because shell=True is used. NOTE: this is unrelated to mcp-server-kubernetes and CVE-2025-53355...

CVSS 9.8 | AI score 7.1
Exploits 0 | References 2
OSV
added 2025/09/15 2:15 p.m. (3 views)

CVE-2025-59376

feiskyer mcp-kubernetes-server through 0.1.11 does not consider chained commands in the implementation of --disable-write and --disable-delete, e.g., it allows a "kubectl version; kubectl delete pod" command because the first word, i.e., "version", is not a write or delete operation...

CVSS 5.3 | AI score 7.3
Exploits 0 | References 2
CNNVD
added 2025/09/15 12:00 a.m. (3 views)

mcp-kubernetes-server security vulnerability

mcp-kubernetes-server is a Model Context Protocol server by the individual developer Pengfei Ni. A security vulnerability exists in mcp-kubernetes-server version 0.1.11 and earlier, which stems from the use of the shell=True parameter and could lead to an OS command injection attack...

CVSS 9.8 | AI score 7 | EPSS 0.00048
Exploits 0 | References 3
Vulnrichment
added 2025/09/15 12:00 a.m. (2 views)

CVE-2025-59376

feiskyer mcp-kubernetes-server through 0.1.11 does not consider chained commands in the implementation of --disable-write and --disable-delete, e.g., it allows a "kubectl version; kubectl delete pod" command because the first word, i.e., "version", is not a write or delete operation...

CVSS 3.7 | AI score 6.9 | EPSS 0.00011
Exploits 0 | References 2