CVE-2025-66404: MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, there is
Summary
MCP Server Kubernetes (a tool that lets software manage Kubernetes clusters, which are systems for running containerized applications) has a vulnerability in versions before 2.9.8: the exec_in_pod tool accepts user-supplied commands without validating them. When a command is provided as a string, it is passed directly to shell interpretation (sh -c, a command processor) without validation, so an attacker can inject additional shell commands either directly or through prompt injection (tricking an AI into running hidden instructions embedded in its input).
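As an added illustration (not code from the project or the advisory), the following contrasts the pattern the summary describes, a string handed to `sh -c`, with a form that builds an argument list and refuses anything only a shell could interpret. Function names and the shape of the `command` input are assumptions for this example.

```javascript
// Added example (not the project's code): handling a command for a
// kubectl-exec-style tool without ever passing a raw string to `sh -c`.
// Function names and the `command` input shape are assumptions.

// Characters and tokens that carry meaning only for a shell. A command that
// contains any of them cannot be expressed as a plain argv list, so it is
// refused rather than wrapped in `sh -c`.
const SHELL_META = /[;&|`$<>(){}\\'"\n*?\[\]~#]/;

// Build the argv handed to the container runtime directly. Accepts either an
// explicit argv array or a single simple command string.
function buildExecArgv(command) {
  if (Array.isArray(command)) {
    const ok = command.length > 0 &&
      command.every((a) => typeof a === "string" && a.length > 0);
    if (!ok) {
      throw new Error("command array must contain only non-empty strings");
    }
    return [...command]; // each element becomes exactly one argument
  }
  if (typeof command !== "string" || command.trim() === "") {
    throw new Error("command must be a non-empty string or an array of strings");
  }
  if (SHELL_META.test(command)) {
    throw new Error("shell metacharacters not allowed; pass an argv array instead");
  }
  return command.trim().split(/\s+/); // whitespace split only, no shell involved
}

// The vulnerable shape the advisory describes, kept for contrast: the whole
// string reaches a shell, so a "; second" suffix runs as a second command.
function buildExecArgvUnsafe(command) {
  return ["sh", "-c", command];
}
```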
Solution / Mitigation
Update to version 2.9.8, where this vulnerability is fixed.
Vulnerability Details
6.4 (medium)
EPSS: 0.3%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-66404
First tracked: February 15, 2026 at 08:52 PM
Classified by LLM (prompt v3) · confidence: 85%