CVE-2025-69902

Published March 16th, 2026

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

N/A

Affected

PROJECTS

Description

A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters.

rohitg00/kubectl-mcp-server

Published in CNCF Landscape: A MCP server for Kubernetes.

GitHub

909

kubectl-mcp-tool

Alias package for kubectl-mcp-server (use kubectl-mcp-server instead)

Python Package Index