Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.9 views

CVE-2026-39884

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the portforward tool in src/tools/portforward.ts, where a kubectl command is constructed via string concatenation with user-controlle...

8.3CVSS5.5AI score0.00258EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/14 11:25 p.m.26 views

CVE-2026-39884 MCP Server Kubernetes has Argument Injection in its port_forward tool via space-splitting

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the portforward tool in src/tools/portforward.ts, where a kubectl command is constructed via string concatenation with user-controlle...

8.3CVSS0.00258EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/14 11:25 p.m.7 views

CVE-2026-39884 MCP Server Kubernetes has Argument Injection in its port_forward tool via space-splitting

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the portforward tool in src/tools/portforward.ts, where a kubectl command is constructed via string concatenation with user-controlle...

8.3CVSS5.9AI score0.00258EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/14 11:25 p.m.4 views

CVE-2026-39884

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the portforward tool in src/tools/portforward.ts, where a kubectl command is constructed via string concatenation with user-controlle...

8.3CVSS5.9AI score0.00258EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/14 11:25 p.m.24 views

CVE-2026-39884

The CVE-2026-39884 entry concerns mcp-server-kubernetes (Model Context Protocol server for Kubernetes) with a vulnerability in the port_forward tool (src/tools/port_forward.ts). The code builds a kubectl command by string concatenation using user-controlled input and naively splits on spaces befo...

8.3CVSS5.9AI score0.00258EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 10:32 p.m.9 views

MCP Server Kubernetes has an Argument Injection in port_forward tool via space-splitting

Summary The portforward tool in mcp-server-kubernetes constructs a kubectl command as a string and splits it on spaces before passing to spawn. Unlike all other tools in the codebase which correctly use execFileSync"kubectl", argsArray, portforward uses string concatenation with user-controlled...

8.3CVSS5.9AI score0.00258EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/14 10:32 p.m.5 views

GHSA-4XQG-GF5C-GHWQ MCP Server Kubernetes has an Argument Injection in port_forward tool via space-splitting

Summary The portforward tool in mcp-server-kubernetes constructs a kubectl command as a string and splits it on spaces before passing to spawn. Unlike all other tools in the codebase which correctly use execFileSync"kubectl", argsArray, portforward uses string concatenation with user-controlled...

8.3CVSS5.9AI score0.00258EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.7 views

PT-2026-32965

Name of the Vulnerable Software and Affected Versions mcp-server-kubernetes versions prior to 3.5.0 Description An argument injection issue exists in the port forward tool within the startPortForward function located in src/tools/port forward.ts. The tool constructs a kubectl command using string...

8.3CVSS5.4AI score0.00258EPSS
Exploits0References8
Rows per page
Query Builder