MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. A command injection vulnerability exists in the mcp-server-kubernetes MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.execSync, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution under the server process's privileges. This vulnerability is fixed in 2.5.0.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| mcp-server-kubernetes(npm) | 0 | 2.5.0 | N/A |
CVSS Metrics
