Count: 3
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2025-53355: MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. A command injection vulnerability exists in the mcp-server-kubernetes MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.execSync, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution under the server process's privileges. This vulnerability is fixed in 2.5.0. | CVSS3: 7.5 | 0% Low | 7 months ago |
| GHSA-gjv4-ghm7-q58q: MCP Server Kubernetes vulnerable to command injection in several tools | CVSS3: 7.5 | 0% Low | 7 months ago |
| BDU:2026-00234: Vulnerability in the child_process function of the MCP server for managing Kubernetes virtual machine clusters, allowing an attacker to execute arbitrary commands | CVSS3: 7.5 | 0% Low | 8 months ago |