CVE-2026-39884: CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') in Flux159 mcp-server-kubernetes
CVE-2026-39884 is an argument injection vulnerability in the Flux159 mcp-server-kubernetes product versions prior to 3. 5. 0. The vulnerability exists in the port_forward tool, where user input is concatenated into a kubectl command string and split on spaces before execution, allowing injection of arbitrary kubectl flags. This can lead to exposure of internal Kubernetes services, cross-namespace access, and indirect exploitation via prompt injection against AI agents connected to the MCP server. The issue has been fixed in version 3. 5. 0.
AI Analysis
Technical Summary
The vulnerability arises from improper neutralization of argument delimiters (CWE-88) in the port_forward tool of mcp-server-kubernetes. Specifically, user-controlled fields (namespace, resourceType, resourceName, localPort, targetPort) are concatenated into a command string and split on spaces before being passed to spawn(), unlike other tools that use safer array-based argument passing with execFileSync(). This flawed parsing allows attackers to inject additional kubectl flags such as --address=0.0.0.0 and multiple -n flags, enabling exposure of internal services and cross-namespace operations. The vulnerability was addressed in version 3.5.0.
Potential Impact
Successful exploitation can lead to unauthorized exposure of internal Kubernetes services to the network, cross-namespace resource targeting, and potential indirect attacks on AI agents connected to the MCP server via prompt injection. The CVSS v3.1 score is 8.3 (high), indicating high confidentiality and integrity impact with low attack complexity and no user interaction required. Availability impact is low.
Mitigation Recommendations
A fix is available in mcp-server-kubernetes version 3.5.0. Users should upgrade to version 3.5.0 or later to remediate this vulnerability. No other vendor advisory or patch information is provided, so patch status beyond this version is not confirmed. Until upgrading, avoid using the vulnerable port_forward tool with untrusted input.
CVE-2026-39884: CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') in Flux159 mcp-server-kubernetes
Description
CVE-2026-39884 is an argument injection vulnerability in the Flux159 mcp-server-kubernetes product versions prior to 3. 5. 0. The vulnerability exists in the port_forward tool, where user input is concatenated into a kubectl command string and split on spaces before execution, allowing injection of arbitrary kubectl flags. This can lead to exposure of internal Kubernetes services, cross-namespace access, and indirect exploitation via prompt injection against AI agents connected to the MCP server. The issue has been fixed in version 3. 5. 0.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability arises from improper neutralization of argument delimiters (CWE-88) in the port_forward tool of mcp-server-kubernetes. Specifically, user-controlled fields (namespace, resourceType, resourceName, localPort, targetPort) are concatenated into a command string and split on spaces before being passed to spawn(), unlike other tools that use safer array-based argument passing with execFileSync(). This flawed parsing allows attackers to inject additional kubectl flags such as --address=0.0.0.0 and multiple -n flags, enabling exposure of internal services and cross-namespace operations. The vulnerability was addressed in version 3.5.0.
Potential Impact
Successful exploitation can lead to unauthorized exposure of internal Kubernetes services to the network, cross-namespace resource targeting, and potential indirect attacks on AI agents connected to the MCP server via prompt injection. The CVSS v3.1 score is 8.3 (high), indicating high confidentiality and integrity impact with low attack complexity and no user interaction required. Availability impact is low.
Mitigation Recommendations
A fix is available in mcp-server-kubernetes version 3.5.0. Users should upgrade to version 3.5.0 or later to remediate this vulnerability. No other vendor advisory or patch information is provided, so patch status beyond this version is not confirmed. Until upgrading, avoid using the vulnerable port_forward tool with untrusted input.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-07T20:32:03.010Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69dece6882d89c981f1bf9e0
Added to database: 4/14/2026, 11:31:52 PM
Last enriched: 4/14/2026, 11:46:50 PM
Last updated: 4/15/2026, 12:51:27 AM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.