mcp-kubernetes-server

The mcp-kubernetes-server, a Kubernetes management component, contains a critical remote code execution vulnerability (CVSS 9.8) that requires no authentication or user interaction and can be exploited over the network to achieve complete compromise of confidentiality, integrity, and availability. The attack vector indicates this is a network-accessible flaw with low complexity, making it easily exploitable by unauthenticated attackers. Security teams should immediately prioritize patching systems running this component and monitor for any exploitation attempts, as the vendor has until April 10, 2026 to release a fix.