Mcp Kubernetes Server

2 CVEs product


CVE-2025-59377 LOW Monitor

feiskyer mcp-kubernetes-server through 0.1.11 allows OS command injection, even in read-only mode, via /mcp/kubectl because shell=True is used. The vulnerability is rated low severity (CVSS 3.7), is remotely exploitable, and requires no authentication. No vendor patch is available.

Command Injection Kubernetes Mcp Kubernetes Server
NVD GitHub
CVSS 3.1: 3.7
EPSS: 0.0%

CVE-2025-59376 LOW Monitor

feiskyer mcp-kubernetes-server through 0.1.11 does not consider chained commands in the implementation of --disable-write and --disable-delete, e.g., it allows a "kubectl version; kubectl delete pod". The vulnerability is rated low severity (CVSS 3.7), is remotely exploitable, and requires no authentication. No vendor patch is available.

Command Injection Kubernetes Mcp Kubernetes Server
NVD GitHub
CVSS 3.1: 3.7
EPSS: 0.0%