kubectl-mcp-server 1.2.0: Malicious Command Execution via User Input
CVE-2025-69902
Summary
A command injection issue in the minimal_wrapper.py component of kubectl-mcp-server 1.2.0 allows attackers to run unauthorized system commands by injecting shell metacharacters through user input. This could lead to data theft, system compromise, or other malicious activity. Users should update to the latest version of kubectl-mcp-server to fix this issue.
Original title
A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters.
Original description
A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters.
Published: 16 Mar 2026 · Updated: 16 Mar 2026 · First seen: 16 Mar 2026