
rohitg00/kubectl-mcp-server

v1.23.1 Security

This release includes 5 security fixes for security teams reviewing exposed deployments.

Published 4mo MCP Developer Tools
✓ No known CVEs patched
This release patches 5 known CVEs

Topics

ai deployment devops genai kubernetes kubernetes-tools llms mcp mcp-server npm pypi

Affected surfaces

rce_ssrf breaking_upgrade

Summary

AI summary

Fixed command injection vulnerability in port-forward by replacing os.system() with subprocess.Popen using list arguments.

Full changelog

Changes

Security Fixes

  • Fixed `os.system()` command injection in `networking.py` port-forward — replaced with `subprocess.Popen` using list args
  • Fixed temp file leak in `kubectl_apply` — wrapped `os.unlink` in `try/finally`
  • Fixed `command.split()` in `kind_node_exec` — replaced with `shlex.split()`
  • Added non-destructive guard to `exec_in_pod` and `port_forward`
  • Restricted `kubectl_generic` allowlist — `config` limited to safe subcommands, `auth` limited to `can-i`
  • Fixed hardcoded version string in HTTP handler

DRY Consolidation

  • Consolidated `_get_kubectl_context_args` from 10 duplicate implementations to single source in `k8s_config.py`
  • Extracted shared Helm repo add/update helper
  • Created `_cli_utils.py` with cached CLI availability checks and common subprocess runner
  • Standardized non-destructive mode patterns across all tool files

Dead Code Removal

  • Removed unused imports across 7 files
  • Removed unused `check_safety_mode` decorator and `is_operation_allowed` function from `safety.py`
  • Removed auto-pip-install antipattern from `mcp_server.py`

Code Quality

  • Fixed bare `except:` clauses in `networking.py` and `cost.py`
  • Fixed `None` values in pod recommendations list
  • Proper exception chaining with `from err` in FastMCP import
  • Updated test suite: 469 tests passing

Install

pip install kubectl-mcp-server==1.23.1
# or
npx kubectl-mcp-server@1.23.1

Security Fixes

  • Fixed `os.system()` command injection in `networking.py` port-forward — replaced with `subprocess.Popen` using list args
  • Fixed temp file leak in `kubectl_apply` by wrapping `os.unlink` in `try/finally`
  • Fixed insecure `command.split()` usage in `kind_node_exec` — replaced with `shlex.split()`
  • Added non-destructive guard to `exec_in_pod` and `port_forward`
  • Restricted `kubectl_generic` allowlist: `config` limited to safe subcommands, `auth` limited to `can-i`


About rohitg00/kubectl-mcp-server

A Model Context Protocol (MCP) server for Kubernetes that enables AI assistants like Claude, Cursor, and others to interact with Kubernetes clusters through natural language.
