A failure in access control enforcement within the mcp-server-kubernetes tool allows unauthorized execution of sensitive cluster management commands.

The project enforces environment variables intended to restrict Kubernetes operations only at the tool discovery layer (tools/list). It fails to enforce these same restrictions at the execution layer (tools/call), allowing any client that knows the name of a restricted tool to invoke it directly.

With a CVSS score of 8.8, this is a critical security failure. If an attacker gains access to the MCP server, they can execute unauthorized Kubernetes cluster management operations. This could lead to the deletion of resources, unauthorized access to secrets, or full cluster compromise, significantly impacting the stability and security of the entire infrastructure.

Immediate Action: Upgrade to mcp-server-kubernetes version 3.6.0 or later to ensure that security restrictions are properly enforced during the tool execution phase.

Proactive Monitoring: Audit Kubernetes API server logs for unexpected or unauthorized tool execution calls originating from the MCP server.

Compensating Controls: Implement strict network policies and RBAC for the MCP server itself, ensuring that only authenticated and authorized entities can communicate with the server endpoint.

Public Exploit Available: false

Access control failures at the execution level are extremely dangerous in infrastructure management tools. Administrators must ensure that security logic is applied consistently across all request pathways and should prioritize the update to version 3.6.0 immediately.