VYPR

npm package

mcp-server-kubernetes

pkg:npm/mcp-server-kubernetes

Vulnerabilities (3)

  • CVE-2026-39884HigApr 15, 2026
    affected < 3.5.0fixed 3.5.0

    mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the port_forward tool in src/tools/port_forward.ts, where a kubectl command is constructed via string concatenation

  • CVE-2025-66404Dec 3, 2025
    affected < 2.9.8fixed 2.9.8

    MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, there is a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string format

  • CVE-2025-53355HigJul 8, 2025
    affected < 2.5.0fixed 2.5.0

    MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. A command injection vulnerability exists in the mcp-server-kubernetes MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.e