CVE-2026-47250 is a medium-severity vulnerability in mcp-server-kubernetes, a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectl_generic tool passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes environments. An attacker with limited cluster or codebase access can plant a structured [truncated]
CVE-2026-46519 is a high-severity vulnerability in mcp-server-kubernetes, a Model Context Protocol server for Kubernetes cluster management. The issue arises from ineffective access controls, where environment variables ALLOW_ONLY_READONLY_TOOLS, ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS, and ALLOWED_TOOLS are not enforced at the execution layer (tools/call). This allows any client that knows a tool name to invoke [truncated]
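
The fix class for CVE-2026-46519, shown as an added example (not code from mcp-server-kubernetes): one policy built from the three environment variables is checked in the tools/call handler itself, not only when tools are listed. The tool registry, the readOnly/destructive flags, the comma-separated ALLOWED_TOOLS format, the rule that a tool must satisfy every restriction that is set, and the simplified result shape are all assumptions.

```javascript
// Constructed registry: tool names and their classification are assumptions.
const TOOLS = {
  kubectl_get:    { readOnly: true,  destructive: false, run: (a) => `get ${a.resource}` },
  kubectl_apply:  { readOnly: false, destructive: false, run: (a) => `apply ${a.file}` },
  kubectl_delete: { readOnly: false, destructive: true,  run: (a) => `delete ${a.resource}` },
};

// Build a single predicate from the environment variables named in the advisory.
// Assumption: every restriction that is set must hold for the tool to be permitted.
function buildPolicy(env) {
  const isTrue = (v) => String(v || "").toLowerCase() === "true";
  const allowed = env.ALLOWED_TOOLS
    ? new Set(env.ALLOWED_TOOLS.split(",").map((s) => s.trim()).filter(Boolean))
    : null;
  return (name) => {
    // Own-property lookup so names like "__proto__" never resolve to a tool.
    if (!Object.prototype.hasOwnProperty.call(TOOLS, name)) return false;
    const tool = TOOLS[name];
    if (allowed && !allowed.has(name)) return false;
    if (isTrue(env.ALLOW_ONLY_READONLY_TOOLS) && !tool.readOnly) return false;
    if (isTrue(env.ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS) && tool.destructive) return false;
    return true;
  };
}

function makeServer(env) {
  const permitted = buildPolicy(env);
  return {
    // tools/list: filtering here only hides tools; it is not access control.
    listTools: () => Object.keys(TOOLS).filter(permitted),
    // tools/call: the same predicate is re-checked before anything is dispatched,
    // so knowing a tool name is not enough to run it.
    callTool(name, args) {
      if (!permitted(name)) {
        return { isError: true, text: `tool not permitted: ${name}` };
      }
      return { isError: false, text: TOOLS[name].run(args || {}) };
    },
  };
}
```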