PYSEC-2026-1619

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/mcp-kubernetes-server/PYSEC-2026-1619.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1619
Aliases
Published
2026-07-07T16:03:05.120447Z
Modified
2026-07-07T17:47:03.424682277Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
mcp-kubernetes-server has a Command Injection vulnerability
Details

mcp-kubernetes-server does not correctly enforce the --disable-write / --disable-delete protections when commands are chained. The server only inspects the first token to decide whether an operation is write/delete, which allows a read-like command to be followed by a write action using shell metacharacters (e.g., kubectl version; kubectl delete pod <name>). A remote attacker who can invoke the server may therefore bypass the intended write/delete restrictions and perform state-changing operations against the Kubernetes cluster.

Affected versions: through 0.1.11 (no patched release available as of now).

Mitigations: - Run with --disable-kubectl and/or --disable-helm to fully block those execution paths. - Put the server behind an allow-list proxy restricting allowed subcommands.

References

Affected packages

PyPI / mcp-kubernetes-server

Package

Name
mcp-kubernetes-server
View open source insights on deps.dev
Purl
pkg:pypi/mcp-kubernetes-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
0.1.11

Affected versions

0.*
0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.1.9
0.1.10
0.1.11

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/mcp-kubernetes-server/PYSEC-2026-1619.yaml"