CVE Catalog

CVE-2026-46519

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.06%

19th percentile - higher than 19% of all known CVEs

Summary

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.6.0, this server exposes three environment variables intended for access control to Kubernetes operations, but these controls were only effective at the tool discovery layer, not at the execution layer.

Risk Assessment

Any client that knows a tool name can invoke it directly regardless of the configured restriction mode, posing a significant security risk to operations within the Kubernetes cluster.

Recommendation

It is recommended to upgrade to version 3.6.0 or later to mitigate this security vulnerability.

Original NVD description (English source)

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.6.0, mcp-server-kubernetes exposes three environment variables (ALLOW_ONLY_READONLY_TOOLS, ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS, ALLOWED_TOOLS) documented as access controls for restricting which Kubernetes operations are available. These controls are enforced at the tool discovery layer (tools/list) but not at the execution layer (tools/call). Any client that knows a tool name can invoke it directly regardless of the configured restriction mode. The access control was effectively cosmetic. This issue has been patched in version 3.6.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS