GHSA-94gr-w3q5-rfqrCriticalCVSS 9.8
Open Source Kubectl MCP Server vulnerable to arbitrary code execution via user interaction with crafted HTML page
🔗 CVE IDs covered (1)
📋 Description
An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page.
🎯 Affected products2
- npm/kubectl-mcp-server:< 1.2.0
- pip/kubectl-mcp-server:< 1.2.0