CVE-2025-69902 | THREATINT

Description

A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters.

PUBLISHED Reserved 2026-01-09 | Published 2026-03-16 | Updated 2026-03-17 | Assigner mitre

References

github.com/rohitg00/kubectl-mcp-server

pypi.org/project/kubectl-mcp-tool

github.com/.../blob/main/kubectl_mcp_tool/minimal_wrapper.py

asec.ahnlab.com/ko/92922/

cve.org (CVE-2025-69902)

nvd.nist.gov (CVE-2025-69902)

Download JSON