CVE-2025-59376

LOW

feiskyer mcp-kubernetes-server through 0.1.11 - Command Injection via Chained Command Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-59376. PoCs published by william31212.

AI-analyzed exploit summary: This PoC demonstrates OS command injection (CWE-78) and incorrect access control in feiskyer/mcp-kubernetes-server. By chaining commands with shell metacharacters, a caller bypasses the --disable-write and --disable-delete flags; the analysis classifies the result as RCE.

Description

feiskyer mcp-kubernetes-server through 0.1.11 does not consider chained commands in the implementation of --disable-write and --disable-delete. The filter inspects only the first word of the requested kubectl command, so "kubectl version; kubectl delete pod" is accepted because "version" is not a write or delete operation, and the delete after the ";" runs anyway.
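The flaw described above, modelled in Python as an added example (this is illustrative code, not the project's own): a first-word filter that the chained command slips past, beside a hardened variant that tokenizes the request, refuses shell control operators and command substitution, and only then validates the verb of the single remaining kubectl invocation. The verb lists, function names and the sample commands are assumptions for illustration.

```python
import shlex

# Assumed verb lists for illustration; the real project's lists may differ.
WRITE_VERBS = {"apply", "create", "patch", "replace", "edit", "scale", "set",
               "label", "annotate", "rollout", "delete"}
DELETE_VERBS = {"delete"}
# shlex's punctuation_chars=True splits exactly these characters into
# their own tokens, which is how the hardened check spots chaining.
SHELL_CONTROL = set("();<>|&")


def verb_denied(verb, disable_write, disable_delete):
    """Policy shared by both checks: is this kubectl verb blocked?"""
    if disable_delete and verb in DELETE_VERBS:
        return True
    if disable_write and verb in WRITE_VERBS:
        return True
    return False


def vulnerable_allows(command, disable_write=True, disable_delete=True):
    """Simplified model of the flawed check: only the first verb is inspected,
    so 'version; kubectl delete pod' is judged by 'version' alone."""
    words = command.split()
    if not words:
        return False
    verb = words[0]
    if verb == "kubectl" and len(words) > 1:
        verb = words[1]
    return not verb_denied(verb, disable_write, disable_delete)


def hardened_argv(command, disable_write=True, disable_delete=True):
    """Return an argv list for exactly one kubectl invocation, or None.

    Rejects command substitution and newlines outright, tokenizes with
    shell-like quoting, rejects any control-operator token (; && || | & > <),
    then checks the verb of the single remaining command. The caller runs
    the result with subprocess.run(argv) and never with shell=True.
    """
    if any(ch in command for ch in "`$\n\r"):
        return None
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    try:
        tokens = list(lexer)
    except ValueError:  # unbalanced quotes
        return None
    # A token made only of control characters means the request contained
    # more than one command (or a redirection); refuse the whole thing.
    if not tokens or any(set(tok) <= SHELL_CONTROL for tok in tokens):
        return None
    if tokens[0] == "kubectl":
        tokens = tokens[1:]
    if not tokens:
        return None
    if verb_denied(tokens[0], disable_write, disable_delete):
        return None
    return ["kubectl"] + tokens


if __name__ == "__main__":
    # Constructed sample requests, including the one from the CVE text.
    for cmd in ["version; kubectl delete pod",
                "get pods -n default",
                "kubectl get pods && kubectl delete pod web-0",
                "get pods $(kubectl delete pod web-0)"]:
        print(f"{cmd!r}: vulnerable allows={vulnerable_allows(cmd)}, "
              f"hardened argv={hardened_argv(cmd)}")
```

Refusing every shell feature and handing a single argv to subprocess without a shell is simpler and safer than trying to validate each segment of a chained command line; the verb check then only has one command to look at.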

Exploits (1)

nomisec · Working PoC · 1 star
by william31212 · poc
https://github.com/william31212/CVE-Requests-1896609


Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: mcp-kubernetes-server v0.1.11 and earlier
Authentication: none needed
Prerequisites: Access to the MCP server endpoint · Ability to send crafted kubectl commands
Analyzed by devstral-2 on Feb 16, 2026

Scores

CVSS v3.1 base score: 3.7 (Low)
EPSS: 0.0001
EPSS Percentile: 1.5%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-77 (Improper Neutralization of Special Elements used in a Command) · CWE-863 (Incorrect Authorization)
Status: published
Products (2)
feiskyer/mcp-kubernetes-server through 0.1.11
pypi/mcp-kubernetes-server (PyPI)
Published: Sep 15, 2025
Tracked Since: Feb 18, 2026