mcp-server-kubernetes 0.2.3-pre.fdc2e0b

Direct Vulnerabilities

Known vulnerabilities in the mcp-server-kubernetes package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Arbitrary Command Injection mcp-server-kubernetes is a MCP server for interacting with Kubernetes clusters via kubectl Affected versions of this package are vulnerable to Arbitrary Command Injection via the `exec_in_pod` tool. An attacker can execute arbitrary commands within Kubernetes pods by supplying crafted input containing shell meta-characters, which are interpreted by the shell due to lack of input validation. Note: This can be exploited either directly by users with access to the tool interface or indirectly by embedding malicious instructions in pod logs that may be executed by AI agents. How to fix Arbitrary Command Injection? Upgrade `mcp-server-kubernetes` to version 2.9.8 or higher.	<2.9.8
H Arbitrary Command Injection mcp-server-kubernetes is a MCP server for interacting with Kubernetes clusters via kubectl Affected versions of this package are vulnerable to Arbitrary Command Injection via the `child_process.execSync` function. An attacker can execute arbitrary system commands by supplying crafted input parameters. How to fix Arbitrary Command Injection? Upgrade `mcp-server-kubernetes` to version 2.5.0 or higher.	<2.5.0

Vulnerability

Vulnerable Version

Arbitrary Command Injection

mcp-server-kubernetes is a MCP server for interacting with Kubernetes clusters via kubectl

Affected versions of this package are vulnerable to Arbitrary Command Injection via the exec_in_pod tool. An attacker can execute arbitrary commands within Kubernetes pods by supplying crafted input containing shell meta-characters, which are interpreted by the shell due to lack of input validation.

Note:

This can be exploited either directly by users with access to the tool interface or indirectly by embedding malicious instructions in pod logs that may be executed by AI agents.

How to fix Arbitrary Command Injection?

Upgrade mcp-server-kubernetes to version 2.9.8 or higher.

<2.9.8

Arbitrary Command Injection

mcp-server-kubernetes is a MCP server for interacting with Kubernetes clusters via kubectl

Affected versions of this package are vulnerable to Arbitrary Command Injection via the child_process.execSync function. An attacker can execute arbitrary system commands by supplying crafted input parameters.

How to fix Arbitrary Command Injection?

Upgrade mcp-server-kubernetes to version 2.5.0 or higher.

<2.5.0

mcp-server-kubernetes@0.2.3-pre.fdc2e0b

MCP server for interacting with Kubernetes clusters via kubectl

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically