CVE-2026-61459 PUBLISHED

MCP Server Kubernetes < 3.9.0 Argument Injection via kubectl Structured Tools

Assigner: VulnCheck
Reserved: 09.07.2026 Published: 10.07.2026 Updated: 10.07.2026

MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools (kubectl_get, kubectl_describe, kubectl_delete) that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can inject the --server flag to redirect kubectl commands to an attacker-controlled API server, causing the operator's bearer token to be transmitted externally and enabling full cluster compromise.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 9.3

Product Status

Vendor Flux159
Product mcp-server-kubernetes
Versions Default: unaffected
  • affected from 0 to 3.9.0 (excl.)

Credits

  • George Chen finder

References

Problem Types

  • Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') CWE