Is Mcp Kubernetes Server safe to use?

Mcp Kubernetes Server has 2 known CVEs tracked by MCPpedia. You can verify these on OSV.dev by searching for "mcp-kubernetes-server". Review the Security section above for details before installing.

How do I install Mcp Kubernetes Server?

Mcp Kubernetes Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with Mcp Kubernetes Server?

Mcp Kubernetes Server is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio and sse and http transport.

Is Mcp Kubernetes Server actively maintained?

Mcp Kubernetes Server is recently maintained — last commit was 63 days ago. It has 16 GitHub stars.

Mcp Kubernetes Server

A Model Context Protocol (MCP) server that enables AI assistants to interact with Kubernetes clusters. It serves as a bridge between AI tools (like Claude, Cursor, and GitHub Copilot) and Kubernetes, translating natural language requests into Kubernetes operations and returning the results in a format the AI tools can understand.

MaintainedNot tested

Cloud

★ 16PyPI GitHub

53C2 CVEsmaintainedApache-2.0

Quick Install

{
  "mcpServers": {
    "kubernetes": {
      "args": [
        "run",
        "-i",
        "--rm",
        "--mount",
        "type=bind,src=/home/username/.kube/config,dst=/home/mcp/.kube/config",
        "ghcr.io/feiskyer/mcp-kubernetes-server"
      ],
      "command": "docker"
    }
  }
}

Setup guide

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-kubernetes-server)](https://mcppedia.org/s/mcp-kubernetes-server)

Should you use this server?

The mcp-kubernetes-server is a server implementing the Model Context Protocol (MCP) to enable AI assistants (such as Claude, Cursor, and GitHub Copilot) to interact with Kubernetes clusters. It acts as a bridge, translating natural language requests from these assistants into Kubernetes operations and returning the results.

✗

Is it safe?

2 open CVEs. Verify on OSV.dev →

No authentication — any process on your machine can connect.

Apache-2.0. View license →

✓

Is it maintained?

Last commit 63 days ago. 16 stars.

Will it work with my client?

Transport: stdio, sse, http. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.

Score Breakdown

MCPpedia Score

Click each category to see evidence

53C

Last scored 21h ago

How we score →

Security

20/30

2 open vulnerabilities.

✗

Known CVEs — 2 open CVE(s): 0 critical/high, 0 medium, 2 lowcheck OSV.dev

○

Tool safety — No tools to analyze

○

Tool poisoning — No tools to analyze

○

Injection vectors — No tools to analyze

✓

Tool stability — Tool definitions stable

○

Dependency health — found on deps.dev

✓

License — License: Apache-2.0

○

Authentication — No authentication required

○

Repository — active repo

Advisories (2 open, 0 fixed)

lowCVSS 3.1CVE-2025-59376Open

mcp-kubernetes-server has a Command Injection vulnerability

`mcp-kubernetes-server` does not correctly enforce the `--disable-write` / `--disable-delete` protections when commands are chained. The server only inspects the first token to decide whether an operation is write/delete, which allows a read-like command to be followed by a write action using shell metacharacters (e.g., `kubectl version; kubectl delete pod <name>`). A remote attacker who can invoke the server may therefore bypass the intended write/delete restrictions and perform state-changing

Affected: >= 0Published Sep 15, 2025source \u2192

lowCVSS 3.1CVE-2025-59377Open

mcp-kubernetes-server has an OS Command Injection vulnerability

`feiskyer/mcp-kubernetes-server` through **0.1.11** allows **OS command injection** via the `/mcp/kubectl` endpoint. The handler constructs a shell command with user-supplied arguments and executes it with `subprocess` using `shell=True`, enabling injection through shell metacharacters (e.g., `;`, `&&`, `$()`), even when the server is running in **read-only** mode. A remote, unauthenticated attacker can execute arbitrary OS commands on the host, resulting in full compromise of confidentiality,

Affected: >= 0Published Sep 15, 2025source \u2192

CVEs checked daily via OSV.dev. Score algorithm is open source.

Frequently Asked Questions

Is Mcp Kubernetes Server safe to use?: Mcp Kubernetes Server has 2 known CVEs tracked by MCPpedia. You can verify these on OSV.dev by searching for "mcp-kubernetes-server". Review the Security section above for details before installing.
How do I install Mcp Kubernetes Server?: Mcp Kubernetes Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Mcp Kubernetes Server?: Mcp Kubernetes Server is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio and sse and http transport.
Is Mcp Kubernetes Server actively maintained?: Mcp Kubernetes Server is recently maintained — last commit was 63 days ago. It has 16 GitHub stars.

Mcp Kubernetes Server

Quick Install

Should you use this server?

Score Breakdown

MCPpedia Score

Test This Server

Security

Advisories (2 open, 0 fixed)

Reviews

Frequently Asked Questions

Similar servers

Observability Mcp

Mcp Server Kubernetes

Kubernetes Mcp Server

Pal Mcp Server

Discussion