CVE-2026-61459
Undergoing Analysis Undergoing Analysis - In Progress

MCP Server Kubernetes Argument Injection Vulnerability

Vulnerability report for CVE-2026-61459, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-10

Last updated on: 2026-07-10

Assigner: VulnCheck

Description

MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools (kubectl_get, kubectl_describe, kubectl_delete) that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can inject the --server flag to redirect kubectl commands to an attacker-controlled API server, causing the operator's bearer token to be transmitted externally and enabling full cluster compromise.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-10
Last Modified
2026-07-10
Generated
2026-07-11
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
flux159 mcp_server_kubernetes to 3.9.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-88 The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-61459 is a critical argument injection vulnerability in MCP Server Kubernetes versions before 3.9.0 affecting structured tools like kubectl_get, kubectl_describe, and kubectl_delete.

The vulnerability arises because these tools do not properly sanitize user-supplied input for resourceType and name parameters, allowing attackers to supply values with leading dashes that bypass the assertNoDangerousFlags security check.

This enables attackers to inject the --server flag, redirecting kubectl commands to an attacker-controlled API server, which causes the operator's bearer token to be transmitted externally.

As a result, attackers can potentially achieve full cluster compromise by exploiting this flaw.

Compliance Impact

The vulnerability allows attackers to redirect kubectl commands to an attacker-controlled API server, causing the operator's bearer token to be transmitted externally. This exposure of sensitive authentication tokens can lead to full cluster compromise.

Such unauthorized disclosure of sensitive credentials and potential full compromise of Kubernetes clusters can result in violations of data protection and security requirements mandated by common standards and regulations like GDPR and HIPAA, which require strict controls over access to sensitive data and systems.

Therefore, if exploited, this vulnerability could lead to non-compliance with these regulations due to unauthorized access and potential data breaches.

Impact Analysis

This vulnerability can have severe impacts including the full compromise of your Kubernetes cluster.

By injecting malicious flags, an attacker can redirect kubectl commands to a server they control, causing sensitive credentials such as the operator's bearer token to be leaked.

With access to the bearer token, attackers can perform unauthorized actions within the cluster, potentially leading to data breaches, service disruption, or further exploitation.

  • Leakage of operator's bearer token to attacker-controlled API server.
  • Full cluster compromise through unauthorized access.
  • Bypassing of existing security checks due to improper input sanitization.
Detection Guidance

This vulnerability involves argument injection via kubectl structured tools where resourceType and name parameters with leading dashes can inject dangerous flags like --server. Detection involves monitoring for unusual kubectl commands that include unexpected flags or parameters starting with dashes in resourceType or name fields.

Specifically, you can look for kubectl commands or logs where resourceType or resourceName arguments start with dashes (e.g., --server=...) which are not normally expected.

Since the vulnerability causes the operator's bearer token to be sent to an attacker-controlled API server, network monitoring for outbound connections to unknown or suspicious API server endpoints from kubectl clients can also help detect exploitation attempts.

No explicit detection commands are provided in the resources, but general suggestions include:

  • Inspect kubectl command logs for arguments with leading dashes in resourceType or name parameters.
  • Use network monitoring tools (e.g., tcpdump, Wireshark) to detect unexpected outbound connections from kubectl clients to unknown API servers.
  • Audit shell history or automation scripts for suspicious kubectl commands containing injected flags.
Mitigation Strategies

The primary mitigation is to upgrade MCP Server Kubernetes to version 3.9.0 or later, where the vulnerability has been patched.

The patch includes adding safety checks such as assertSafeArgv to validate command arguments and prevent injection of dangerous flags, and replacing unsafe process execution calls with safer wrappers like execFileSyncSafe.

Additional immediate steps include:

  • Apply input validation to reject resourceType and name parameters that start with dashes.
  • Ensure that all structured kubectl tools enforce the assertNoDangerousFlags guard or equivalent checks.
  • Audit and restrict usage of kubectl commands to trusted users and scripts.
  • Monitor for suspicious API server redirections or unexpected outbound connections.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-61459. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart