Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"kubernetes": {
"args": [
"mcp-server-kubernetes"
],
"command": "npx"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
MCP Server that can connect to a Kubernetes cluster and manage it. Supports loading kubeconfig from multiple sources in priority order.
This server supports HTTP transport. Be the first to test it — help the community know if it works.
Five weighted categories — click any category to see the underlying evidence.
MCP Server Kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration
### Summary The `kubectl_generic` tool in `mcp-server-kubernetes` passes user-supplied flags directly to kubectl without any allowlist, enabling a **privilege escalation attack** within Kubernetes environments. An attacker who already has limited cluster or codebase access, for example, a developer with pod-deployment permissions but not cluster-admin credentials, can plant a single structured JSON line in an application's log output. When an operator with a privileged kubeconfig uses the MCP se
MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filtering Without Execution-Layer Enforcement
## Summary `mcp-server-kubernetes` exposes three environment variables (`ALLOW_ONLY_READONLY_TOOLS`, `ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS`, `ALLOWED_TOOLS`) documented as access controls for restricting which Kubernetes operations are available. These controls are enforced at the tool discovery layer (`tools/list`) but not at the execution layer (`tools/call`). Any client that knows a tool name can invoke it directly regardless of the configured restriction mode. The access control was effectively
MCP Server Kubernetes has an Argument Injection in port_forward tool via space-splitting
## Summary The `port_forward` tool in `mcp-server-kubernetes` constructs a kubectl command as a string and splits it on spaces before passing to `spawn()`. Unlike all other tools in the codebase which correctly use `execFileSync("kubectl", argsArray)`, `port_forward` uses string concatenation with user-controlled input (`namespace`, `resourceType`, `resourceName`, `localPort`, `targetPort`) followed by naive `.split(" ")` parsing. This allows an attacker to inject arbitrary kubectl flags by emb
mcp-server-kubernetes has potential security issue in exec_in_pod tool
### Summary A security issue exists in the `exec_in_pod` tool of the `mcp-server-kubernetes` MCP Server. The tool accepts user-provided commands in both array and string formats. When a string format is provided, it is passed directly to shell interpretation (`sh -c`) without input validation, allowing shell metacharacters to be interpreted. This vulnerability can be exploited through direct command injection or indirect prompt injection attacks, where AI agents may execute commands without expl
MCP Server Kubernetes vulnerable to command injection in several tools
### Summary A command injection vulnerability exists in the `mcp-server-kubernetes` MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to `child_process.execSync`, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution under the server process's privileges. The server constructs and executes shell commands using unvalidated user input directly within command-line strings. This introduces
Click any tool to inspect its schema.
k8s-diagnoseTroubleshooting prompt that guides through a systematic Kubernetes troubleshooting flow for pods based on a keyword and optional namespace
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in devops / cloud
MCP server for using the GitLab API
⚡ A Simple / Speedy / Secure Link Shortener with Analytics, 100% run on Cloudflare.
MCP Server for GCP environment for interacting with various Observability APIs.
MCP server for Hostinger API
MCP Security Weekly
Get CVE alerts and security updates for Mcp Server Kubernetes and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.