Access Control Exposure in mcp-server-kubernetes by Flux159
CVE-2026-46519
What is CVE-2026-46519?
The mcp-server-kubernetes is designed for managing Kubernetes clusters but prior to version 3.6.0, it had significant access control flaws. Specifically, it exposed three environment variables—ALLOW_ONLY_READONLY_TOOLS, ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS, and ALLOWED_TOOLS—that were meant to restrict Kubernetes operations. Unfortunately, while these controls were documented, they were not enforced during execution, allowing any client with knowledge of a tool name to invoke it directly, thus bypassing the intended restrictions. This vulnerability created a risk of unauthorized operations being performed within the cluster. The issue has been resolved in version 3.6.0, which reinforces access control enforcement.
Affected Version(s)
mcp-server-kubernetes < 3.6.0
