Mcp-kubernetes-server CVEs and Security Vulnerabilities - OpenCVE

Filtered by vendor Feisky Subscriptions

Filtered by product Mcp-kubernetes-server Subscriptions

Search

Switch to Advanced Search (Beta)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-59376	1 Feisky	1 Mcp-kubernetes-server	2025-09-20	3.7 Low
feiskyer mcp-kubernetes-server through 0.1.11 does not consider chained commands in the implementation of --disable-write and --disable-delete, e.g., it allows a "kubectl version; kubectl delete pod" command because the first word (i.e., "version") is not a write or delete operation.
CVE-2025-59377	1 Feisky	1 Mcp-kubernetes-server	2025-09-20	3.7 Low
feiskyer mcp-kubernetes-server through 0.1.11 allows OS command injection, even in read-only mode, via /mcp/kubectl because shell=True is used. NOTE: this is unrelated to mcp-server-kubernetes and CVE-2025-53355.

Page 1 of 1.