GHSA-94gr-w3q5-rfqrCriticalCVSS 9.8

Open Source Kubectl MCP Server vulnerable to arbitrary code execution via user interaction with crafted HTML page

Published
May 12, 2026
Last Modified
June 18, 2026

🔗 CVE IDs covered (1)

📋 Description

An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page.

🎯 Affected products2

  • npm/kubectl-mcp-server:< 1.2.0
  • pip/kubectl-mcp-server:< 1.2.0

🔗 References (5)