CVE-2026-61459 in MCP Server Kubernetes정보

요약

\~에 의해 MITRE • 2026. 07. 10.

MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools (kubectl_get, kubectl_describe, kubectl_delete) that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can inject the --server flag to redirect kubectl commands to an attacker-controlled API server, causing the operator's bearer token to be transmitted externally and enabling full cluster compromise.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

책임이 있는

VulnCheck

예약하다

2026. 07. 09.

모더레이션

수락

항목

VDB-377596

EPSS

0.00000

출처

Want to know what is going to be exploited?

We predict KEV entries!