Access Control Exposure in mcp-server-kubernetes by Flux159
CVE-2026-46519

8.8HIGH

Key Information:

Vendor

Flux159

Vendor
CVE Published:
11 June 2026

What is CVE-2026-46519?

The mcp-server-kubernetes is designed for managing Kubernetes clusters but prior to version 3.6.0, it had significant access control flaws. Specifically, it exposed three environment variables—ALLOW_ONLY_READONLY_TOOLS, ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS, and ALLOWED_TOOLS—that were meant to restrict Kubernetes operations. Unfortunately, while these controls were documented, they were not enforced during execution, allowing any client with knowledge of a tool name to invoke it directly, thus bypassing the intended restrictions. This vulnerability created a risk of unauthorized operations being performed within the cluster. The issue has been resolved in version 3.6.0, which reinforces access control enforcement.

Affected Version(s)

mcp-server-kubernetes < 3.6.0

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.