PT-2026-32965 · Unknown · mcp-server-kubernetes

Published 2026-04-14 · Updated 2026-04-25 · CVE-2026-39884

CVSS v3.1: 8.3 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions: mcp-server-kubernetes versions prior to 3.5.0
Description: An argument injection issue exists in the port_forward tool, in the startPortForward() function in src/tools/port_forward.ts. The tool builds the kubectl command line by string concatenation with user-controlled input and then splits the resulting string on spaces before passing the pieces to spawn(). Because the split happens after concatenation, any space inside the namespace, resourceType, resourceName, localPort or targetPort values introduces additional argv elements, so an attacker who can supply those values can inject arbitrary kubectl flags.
Potential impacts include exposing internal Kubernetes services on all network interfaces of the host by injecting the --address=0.0.0.0 flag, bypassing namespace restrictions by injecting an additional -n flag, and indirect exploitation via prompt injection against AI agents that drive the server, since the agent, not a human, typically fills in the tool's parameters.
Recommendations: Update to version 3.5.0 or later. As a temporary workaround, restrict which clients and AI agents may invoke the port_forward tool to minimize the risk of exploitation.
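The following is an added illustration, not code from mcp-server-kubernetes: a minimal model of the concatenate-then-split argv construction the advisory describes, beside a hardened builder that validates each field against an allowlist and hands spawn() an argv array. All names (PortForwardInput, buildArgvVulnerable, buildArgvSafe, countFlag, the allowed resource types) are hypothetical, and kubectl is never actually invoked; the functions only return the argv that would be passed to spawn("kubectl", argv).

```typescript
// Added example, not code from mcp-server-kubernetes. Models the
// concatenate-then-split argv construction the advisory describes and a
// hardened replacement. All names are hypothetical; kubectl is never
// spawned here, the functions only return the argv spawn() would receive.

export interface PortForwardInput {
  namespace: string;
  resourceType: string;
  resourceName: string;
  localPort: string;
  targetPort: string;
}

// Vulnerable pattern: build one string, then split it on spaces. A space
// inside any field becomes an argv boundary, so a namespace such as
// "default --address=0.0.0.0" smuggles an extra kubectl flag through.
export function buildArgvVulnerable(i: PortForwardInput): string[] {
  const cmd =
    `kubectl port-forward -n ${i.namespace} ` +
    `${i.resourceType}/${i.resourceName} ${i.localPort}:${i.targetPort}`;
  return cmd.split(" ").slice(1); // drop "kubectl"; the rest is spawn()'s args
}

// Hardened pattern: validate every field against a strict allowlist and
// pass the args as an array, so no re-tokenisation can occur. Validation
// still matters with an array: a resourceName of "--address=0.0.0.0" would
// otherwise reach kubectl as one argv element that it parses as a flag.
const DNS_LABEL = /^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$/; // namespace names
const DNS_SUBDOMAIN = /^[a-z0-9]([-a-z0-9.]{0,251}[a-z0-9])?$/; // resource names
const RESOURCE_TYPES = new Set([
  "pod", "pods", "service", "services", "svc", "deployment", "deployments", "deploy",
]);

function parsePort(value: string, field: string): number {
  if (!/^[0-9]{1,5}$/.test(value)) throw new Error(`${field}: not a port number`);
  const n = Number(value);
  if (n < 1 || n > 65535) throw new Error(`${field}: port out of range`);
  return n;
}

export function buildArgvSafe(i: PortForwardInput): string[] {
  if (!DNS_LABEL.test(i.namespace)) throw new Error("namespace: invalid name");
  if (!RESOURCE_TYPES.has(i.resourceType)) throw new Error("resourceType: not allowed");
  if (!DNS_SUBDOMAIN.test(i.resourceName)) throw new Error("resourceName: invalid name");
  const lp = parsePort(i.localPort, "localPort");
  const tp = parsePort(i.targetPort, "targetPort");
  return ["port-forward", "-n", i.namespace, `${i.resourceType}/${i.resourceName}`, `${lp}:${tp}`];
}

// Counts occurrences of a flag in an argv, e.g. to spot a second injected "-n".
export function countFlag(argv: string[], flag: string): number {
  return argv.filter((a) => a === flag || a.startsWith(flag + "=")).length;
}
```

The allowlists are deliberately narrower than what kubectl would accept; a real fix can widen them, but the two properties to keep are that no field may contain whitespace or start with a dash, and that the arguments reach spawn() as an array rather than a string that is split afterwards.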


Argument Injection


Weakness Enumeration

Related Identifiers

CVE-2026-39884
GHSA-4XQG-GF5C-GHWQ

Affected Products

mcp-server-kubernetes