CVE ID :CVE-2026-61459
Published : July 10, 2026, 6:34 p.m. | 43 minutes ago
Description :MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools (kubectl_get, kubectl_describe, kubectl_delete) that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can inject the –server flag to redirect kubectl commands to an attacker-controlled API server, causing the operator’s bearer token to be transmitted externally and enabling full cluster compromise.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more… To Read More Visit Read More
