CNNVD-202512-330 Information
CNNVD ID
CNNVD-202512-330
Related CVE
- CNNVD Published: 2025-12-03
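Description (translated from Chinese)
MCP Server Kubernetes is an MCP server for Kubernetes management, developed by the individual developer Suyog Sonwalkar. Versions of MCP Server Kubernetes before 2.9.8 contain a command injection vulnerability. The vulnerability stems from the exec_in_pod tool not validating user input, which may lead to command injection attacks.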
Description (English)
MCP Server Kubernetes is an MCP server for Kubernetes management by the individual developer Suyog Sonwalkar. MCP Server Kubernetes versions before 2.9.8 contain a command injection vulnerability that originates from unvalidated user input in the exec_in_pod tool and may result in a command injection attack.
Hazard Level
High
Vulnerability Type
Command injection
Affected Vendor
Individual developer
Published
2025-12-03
Last Modified
2026-02-24
References
https://github.com/Flux159/mcp-server-kubernetes/commit/d091107ff92d9ffad1b3c295092f142d6578c48b
https://github.com/Flux159/mcp-server-kubernetes/security/advisories/GHSA-wvxp-jp4w-w8wg
https://access.redhat.com/security/cve/cve-2025-66404
Patch
https://github.com/Flux159/mcp-server-kubernetes/releases