Agents
CVE-2026-39884: Argument Injection in mcp-server-kubernetes Enables Cross-Namespace Access via Agent Prompt Injection (CVSS 8.3)
A high-severity argument injection vulnerability in Flux159 mcp-server-kubernetes (pre-3.5.0) allows attackers to inject arbitrary kubectl flags through space-delimited user input in the port_forward tool. Attackers can expose internal Kubernetes services by injecting --address=0.0.0.0, target cross-namespace resources, or achieve indirect exploitation via prompt injection against AI agents connected to the MCP server. Unlike other tools in the codebase that correctly use array-based argument passing, port_forward uses naive string concatenation. Fix: upgrade to v3.5.0.
Source
↳ Follow the thread