Critical github · GHSA-94gr-w3q5-rfqr

Open Source Kubectl MCP Server vulnerable to arbitrary code execution via user interaction with crafted HTML page

Published May 12, 2026 CVSS 9.8

An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page.

Remote Code Execution Agentic / MCP

Affected AI Products

mcp server

View original source

Get the weekly digest. Every Monday: top AI security stories of the week. Free.