CVE-2025-65719: Open Source Kubectl MCP Server vulnerable to arbitrary code execution via user interaction with crafted HTML page

May 12, 2026 (updated June 18, 2026)

An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page.

References

github.com/advisories/GHSA-94gr-w3q5-rfqr
github.com/rohitg00/kubectl-mcp-server
nvd.nist.gov/vuln/detail/CVE-2025-65719
www.ox.security/blog/cve-2025-65719-critical-rce-in-kubectl-mcp-server
www.ox.security/blog/kubectl-mcp-server-remote-code-execution

Code Behaviors & Features

Detect and mitigate CVE-2025-65719 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →