CNNVD-202509-2176 Information

CNNVD ID

CNNVD-202509-2176

CVE-2025-59377

  • CNNVD Published: 2025-09-15

Description

mcp-kubernetes-server is a Model Context Protocol server developed by Pengfei Ni, an individual developer. mcp-kubernetes-server 0.1.11 and earlier contain a security vulnerability that stems from the use of the shell=True parameter and may lead to OS command injection.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2025-09-15

Last Modified

2026-02-24

References

  • https://github.com/feiskyer/mcp-kubernetes-server/blob/78957b6c1a3982080cf6fcaac6f6e9014116a71c/src/mcp_kubernetes_server/command.py#L38
  • https://github.com/william31212/CVE-Requests-1896609
  • https://access.redhat.com/security/cve/cve-2025-59377
