PatchSiren cyber security CVE debrief
CVE-2026-46519 Flux159 CVE debrief
CVE-2026-46519 is a high-severity vulnerability in mcp-server-kubernetes, a Model Context Protocol server for Kubernetes cluster management. The issue arises from ineffective access controls, where environment variables ALLOW_ONLY_READONLY_TOOLS, ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS, and ALLOWED_TOOLS are not enforced at the execution layer (tools/call). This allows any client that knows a tool name to invoke it directly, regardless of the configured restriction mode, effectively making the access control cosmetic. The vulnerability has been patched in version 3.6.0.
- Vendor: Flux159
- Product: mcp-server-kubernetes
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-11
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-11
- Advisory updated: 2026-06-11
Who should care
Users of mcp-server-kubernetes prior to version 3.6.0 should be aware of this vulnerability, as it allows unauthorized Kubernetes operations.
Technical summary
The vulnerability has a CVSS score of 8.8 and is classified as HIGH severity. The CVE record was published on 2026-06-11 and last modified on 2026-06-11, and can be found at CVE.org.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to version 3.6.0 or later
- Review and restrict tool access based on organizational needs
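To show what "enforced at the execution layer" means in practice, here is an added TypeScript example that is not mcp-server-kubernetes code: a vulnerable tools/call handler that trusts the tool name sits beside a hardened one that re-runs the same policy check used for tools/list. The tool names, the ToolDef shape and the truthy-value parsing of the three environment variables are assumptions, not the project's implementation.

```typescript
// Added example (not mcp-server-kubernetes code): the restriction policy must run at
// execution time (tools/call), not only when advertising tools (tools/list).
type ToolDef = { name: string; readOnly: boolean; destructive: boolean };

// Constructed sample registry with hypothetical tool names.
const TOOLS: ToolDef[] = [
  { name: "kubectl_get", readOnly: true, destructive: false },
  { name: "kubectl_apply", readOnly: false, destructive: false },
  { name: "kubectl_delete", readOnly: false, destructive: true },
];

type Restriction = {
  onlyReadOnly: boolean;       // ALLOW_ONLY_READONLY_TOOLS
  onlyNonDestructive: boolean; // ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS
  allowedTools?: string[];     // ALLOWED_TOOLS, comma-separated allowlist (assumed format)
};

// Parse the three variables named in the debrief from a plain env map.
function restrictionFromEnv(env: Record<string, string | undefined>): Restriction {
  const on = (v?: string) => ["1", "true", "yes"].includes((v ?? "").toLowerCase());
  const list = (env.ALLOWED_TOOLS ?? "").split(",").map((s) => s.trim()).filter(Boolean);
  return {
    onlyReadOnly: on(env.ALLOW_ONLY_READONLY_TOOLS),
    onlyNonDestructive: on(env.ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS),
    allowedTools: list.length > 0 ? list : undefined,
  };
}

// One policy decision shared by both entry points; any gap between them is the bug.
function isToolAllowed(tool: ToolDef, r: Restriction): boolean {
  if (r.allowedTools && !r.allowedTools.includes(tool.name)) return false;
  if (r.onlyReadOnly && !tool.readOnly) return false;
  if (r.onlyNonDestructive && tool.destructive) return false;
  return true;
}
// tools/list: advertise only permitted tools.
function listTools(r: Restriction): string[] {
  return TOOLS.filter((t) => isToolAllowed(t, r)).map((t) => t.name);
}
// Vulnerable shape: tools/call trusts the name and never consults the policy.
function callToolUnenforced(name: string): string {
  const t = TOOLS.find((x) => x.name === name);
  return t ? `executed ${t.name}` : "unknown tool";
}
// Hardened shape: the same check runs on every invocation.
function callToolEnforced(name: string, r: Restriction): string {
  const t = TOOLS.find((x) => x.name === name);
  if (!t) return "unknown tool";
  return isToolAllowed(t, r) ? `executed ${t.name}` : `denied ${t.name}`;
}
```

A quick way to audit a server for this class of bug is to configure the most restrictive mode, then compare what tools/list advertises against what tools/call actually executes; the two sets must match.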
Evidence notes
The vulnerability was patched in version 3.6.0. More information can be found at [resourceLinkAnnotations:ref-4] and [resourceLinkAnnotations:ref-5].
Official resources
CVE-2026-46519 was published on 2026-06-11T19:16:42.213Z and modified on 2026-06-11T21:01:26.377Z.