PT-2026-57272 · Unknown · Mcp-Server-Kubernetes
George Chen
·
Published
2026-07-10
·
Updated
2026-07-10
·
CVE-2026-61459
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MCP Server Kubernetes versions prior to 3.9.0
Description
An argument injection flaw exists in structured tools, specifically within the
kubectl get, kubectl describe, and kubectl delete functions. By providing the resourceType and name parameters with leading dashes, an attacker can bypass the assertNoDangerousFlags security check. This allows the injection of the --server flag to redirect commands to an external API server controlled by the attacker, which can lead to the transmission of the operator's bearer token and full cluster compromise.Recommendations
Update MCP Server Kubernetes to version 3.9.0 or later.
As a temporary mitigation, restrict the use of the
kubectl get, kubectl describe, and kubectl delete functions.Exploit
Fix
Argument Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mcp-Server-Kubernetes