CVE-2025-59376
Published 2025-09-15
Priority: P4 · Severity: medium · CVSS 3.1 base score: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.28% (19.9th percentile)
feiskyer mcp-kubernetes-server through 0.1.11 does not consider chained commands in the implementation of --disable-write and --disable-delete, e.g., it allows a "kubectl version; kubectl delete pod" command because the first word (i.e., "version") is not a write or delete operation.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| feisky | mcp-kubernetes-server | <= 0.1.11 | — |
| feiskyer | mcp-kubernetes-server | <= 0.1.11 | — |
| feiskyer | mcp-kubernetes-server | 0 – 0.1.11 | — |
OSV
osv·2025-09-15
CVE-2025-59376 [MEDIUM] mcp-kubernetes-server has a Command Injection vulnerability
`mcp-kubernetes-server` does not correctly enforce the `--disable-write` / `--disable-delete` protections when commands are chained. The server only inspects the first token to decide whether an operation is write/delete, which allows a read-like command to be followed by a write action using shell metacharacters (e.g., `kubectl version; kubectl delete pod `). A remote attacker who can invoke the server may therefore bypass the intended write/delete restrictions and perform state-changing operations against the Kubernetes cluster.
**Affected versions:** through `0.1.11` (no patched release available as of now).
**Mitigations:**
- Run with `--disable-kubectl` and/or `--disable-helm` to fully block those execution paths.
- Put th
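The bypass class described in the advisory, modelled as an added example in Python (the project's own language). This is not code from mcp-kubernetes-server: the function names, the verb sets, the operator regexes and the sample commands are assumptions made for the demonstration. It places a first-verb-only guard (the vulnerable pattern) beside a hardened guard that refuses nested-shell syntax and applies the same write/delete policy to every chained segment, and shows the argv form that removes the shell from the path altogether.

```python
"""Added example for CVE-2025-59376 (not code from mcp-kubernetes-server).

Models the advisory's bug: a write/delete guard that only looks at the
first verb, beside a hardened guard that checks every chained segment and
refuses nested-shell constructs. Verb sets, function names and the sample
commands are assumptions made for the demonstration.
"""
import re
import shlex

# Assumed verb sets; kubectl has more, these cover the demonstration.
WRITE_VERBS = {"apply", "create", "edit", "patch", "replace", "scale",
               "set", "label", "annotate", "rollout", "expose", "run",
               "cordon", "uncordon", "drain", "taint", "exec", "cp"}
DELETE_VERBS = {"delete"}

# Shell control operators that turn one string into several commands.
# Longer operators come first so `||` is not split as two `|`.
CHAIN_OPERATORS = re.compile(r"\|\||&&|;|\||&|\n")
# Constructs that run a nested command or redirect I/O. No read-only
# kubectl invocation needs them, so they are refused outright.
NESTED_SHELL = re.compile(r"[`<>]|\$\(|\$\{")


def kubectl_verb(segment):
    """Return the kubectl verb of one command segment.

    Returns None when the segment is empty, unparseable, or does not start
    with `kubectl`; callers treat None as "do not run".
    """
    try:
        tokens = shlex.split(segment)
    except ValueError:  # unbalanced quotes
        return None
    if len(tokens) < 2 or tokens[0] != "kubectl":
        return None
    return tokens[1]


def verb_is_blocked(verb, disable_write, disable_delete):
    """Apply the --disable-write / --disable-delete policy to one verb."""
    if disable_delete and verb in DELETE_VERBS:
        return True
    if disable_write and verb in WRITE_VERBS:
        return True
    return False


def naive_is_allowed(command, disable_write=True, disable_delete=True):
    """The vulnerable pattern: classify the whole string by its first verb.

    For `kubectl version; kubectl delete pod web-0` the first verb is
    `version;` (the separator sticks to the token), so the string passes
    and the shell later runs the delete.
    """
    verb = kubectl_verb(command)
    return not verb_is_blocked(verb, disable_write, disable_delete)


def hardened_is_allowed(command, disable_write=True, disable_delete=True):
    """Refuse nested-shell syntax, then require every chained segment to be
    a kubectl invocation whose verb passes the write/delete policy."""
    if NESTED_SHELL.search(command):
        return False
    segments = [s.strip() for s in CHAIN_OPERATORS.split(command)]
    segments = [s for s in segments if s]
    if not segments:
        return False
    for segment in segments:
        verb = kubectl_verb(segment)
        if verb is None or verb_is_blocked(verb, disable_write, disable_delete):
            return False
    return True


def to_argv(command):
    """Argument vector for subprocess.run(argv, shell=False).

    Without a shell, `;` is just part of the literal argument `version;`,
    which kubectl rejects as an unknown command instead of chaining.
    """
    return shlex.split(command)


if __name__ == "__main__":
    bypass = "kubectl version; kubectl delete pod web-0"  # constructed sample
    print("naive   :", naive_is_allowed(bypass))      # True (the bug)
    print("hardened:", hardened_is_allowed(bypass))   # False
    print("argv    :", to_argv(bypass))
```

The hardened guard is deliberately an allowlist: a segment that is not a `kubectl` invocation (for instance `| grep web`) is refused rather than classified, because anything the guard cannot name is something the shell might still interpret. Even so, the filter is defence in depth; the durable fix is `to_argv` plus `shell=False`, which leaves no interpreter to honour the separator.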
GHSA
ghsa·2025-09-15
CVE-2025-59376 [MEDIUM] CWE-77 mcp-kubernetes-server has a Command Injection vulnerability
Advisory text identical to the OSV entry above.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-09-15