Description
A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters.
Published: 2026-03-16
Score: 9.8 Critical
EPSS: 2.1% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A command injection flaw exists in the minimal_wrapper.py module of kubectl-mcp-server version 1.2.0. The attacker can inject arbitrary shell metacharacters, causing the underlying operating system to execute commands supplied by the attacker. This leads to uncontrolled modification, execution, or deletion of data, with full compromise of confidentiality, integrity, and availability. The weakness is a classic example of CWE‑94, reflected in the high CVSS score of 9.8.

Affected Systems

Only kubectl‑mcp‑server running the vulnerable 1.2.0 release is affected, specifically when the minimal_wrapper.py component is active and used for command execution. No vendor or product mapping is provided by the CNA, so any system that has installed this version and exposes the wrapper remains at risk.

Risk and Exploitability

The CVSS score of 9.8 coupled with an EPSS score of 2% indicates a significant, though not extreme, exploitation probability. The vulnerability is not listed in CISA’s KEV catalog. Based solely on the description, the likelihood is that an attacker with network or local access to the host running the wrapper can provide malicious input that is passed directly to the shell, resulting in arbitrary command execution.

Generated by OpenCVE AI on June 18, 2026 at 10:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade kubectl‑mcp‑server to a newer release that omits or fixes the minimal_wrapper.py component.
  • If an upgrade is unavailable, remove or disable the minimal_wrapper.py script from the server to eliminate the vulnerable execution path.
  • When the wrapper must remain, enforce strict input validation and sandbox the shell execution context, running it under the least privilege necessary.

Generated by OpenCVE AI on June 18, 2026 at 10:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Title Command Injection in kubectl-mcp-server Allows Arbitrary Shell Execution

Wed, 17 Jun 2026 05:15:00 +0000

Type Values Removed Values Added
Title Command Injection in kubectl-mcp-server Allows Arbitrary Shell Execution

Tue, 16 Jun 2026 06:30:00 +0000

Type Values Removed Values Added
Title Command Injection in kubectl‑mcp-server Minimal Wrapper Vulnerability

Tue, 24 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
Title Command Injection in kubectl‑mcp-server Minimal Wrapper Vulnerability

Tue, 17 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-94
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 17 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Rohitg00
Rohitg00 kubectl-mcp-server
Vendors & Products Rohitg00
Rohitg00 kubectl-mcp-server

Mon, 16 Mar 2026 21:00:00 +0000

Type Values Removed Values Added
Description A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters.
References

Subscriptions

Rohitg00 Kubectl-mcp-server
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-17T14:01:39.958Z

Reserved: 2026-01-09T00:00:00.000Z

Link: CVE-2025-69902

cve-icon Vulnrichment

Updated: 2026-03-17T14:00:36.634Z

cve-icon NVD

Status : Deferred

Published: 2026-03-16T21:16:17.700

Modified: 2026-06-17T10:00:55.290

Link: CVE-2025-69902

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T10:15:03Z

Weaknesses
  • CWE-94

    Improper Control of Generation of Code ('Code Injection')