Vulnerability  ·  2026-07-11

MCP Server Kubernetes — Argument Injection Bypasses Dangerous-Flag Protection in kubectl Tools (CVSS 9.8)

VulnerabilityHigh impactGlobalCVE-2026-61459
MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools (kubectl_get, kubectl_describe, kubectl_delete) that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes, which are then interpreted as additional kubectl command-line flags rather than resource identifiers.
This MCP server gives LLM agents direct kubectl access to Kubernetes clusters; bypassing the dangerous-flags guardrail via argument injection lets a prompt-injected or malicious agent invoke arbitrary kubectl flags, potentially escalating to cluster-wide command execution or data exfiltration — a critical MCP tool-surface flaw in cluster-management tooling exposed to LLM agents.
Agent tool-call parameters (resourceType, name) prefixed with leading dashes are passed to kubectl and interpreted as command-line flags, bypassing the assertNoDangerousFlags check
MCP Server Kubernetes < 3.9.0
Upgrade to MCP Server Kubernetes ≥3.9.0
GitHub commit
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →