Exposures › CVE-2026-61459
CVE-2026-61459 allows attackers to bypass security checks in MCP Server Kubernetes to redirect kubectl commands and exfiltrate bearer tokens.
This critical argument injection vulnerability in MCP Server Kubernetes versions prior to 3.9.0 enables attackers to bypass the assertNoDangerousFlags check by injecting leading dashes into parameters, redirecting kubectl commands to attacker-controlled servers and transmitting bearer tokens externally. DIB organizations must immediately patch affected Kubernetes deployments to prevent full cluster compromise and unauthorized access to sensitive data.
Shame score — A critical RCE vulnerability in a Kubernetes component that allows bearer token exfiltration, though not yet KEV or actively exploited.
MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools (kubectl_get, kubectl_describe, kubectl_delete) that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can inject the --server flag to redirect kubectl commands to an attacker-controlled API server, causing the operator's bearer token to be transmitted externally and enabling full cluster compromise.
No correlated FedRAMP products.