CVE-2026-39884: MCP Server Kubernetes has an Argument Injection in port_forward tool via space-splitting
The port_forward tool in mcp-server-kubernetes constructs a kubectl command as a single string and splits it on spaces before passing the pieces to spawn(). Unlike all other tools in the codebase, which correctly use execFileSync("kubectl", argsArray), port_forward concatenates user-controlled input (namespace, resourceType, resourceName, localPort, targetPort) into that string and then parses it with a naive .split(" "). Because each space in any of these fields produces an additional argv entry, an attacker can inject arbitrary kubectl flags by embedding spaces in any of them.
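The space-splitting defect described above, as an added example that is not code from mcp-server-kubernetes: the unsafe string-then-split builder beside a builder that validates each field and returns an argv array. Function names, the parameter object shape and the resource-type allowlist are assumptions.

```javascript
// Added example, not code from mcp-server-kubernetes. Function names,
// the parameter object and the allowlist below are hypothetical.

// Unsafe shape: user-controlled fields are concatenated, then split.
// Any field containing a space becomes extra argv entries for kubectl.
function buildPortForwardArgsUnsafe(p) {
  const cmd = `port-forward -n ${p.namespace} ${p.resourceType}/${p.resourceName} ${p.localPort}:${p.targetPort}`;
  return cmd.split(" ");
}

// Hardened shape: validate, then return an array for execFile/spawn.
// Kubernetes names are DNS-1123 labels/subdomains: lowercase alphanumerics,
// '-' and '.', never starting with '-', so no element can resemble a flag
// and no element can contain whitespace.
const DNS1123_LABEL = /^[a-z0-9]([-a-z0-9]*[a-z0-9])?$/;
const DNS1123_SUBDOMAIN = /^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$/;
const RESOURCE_TYPES = new Set(["pod", "service", "deployment"]); // constructed allowlist

function checkName(value, re, maxLen, field) {
  if (typeof value !== "string" || value.length > maxLen || !re.test(value)) {
    throw new Error(`invalid ${field}: ${JSON.stringify(value)}`);
  }
  return value;
}

function checkPort(value, field) {
  // Digits only, 1..65535; a stray space or flag text fails the regex.
  const s = String(value);
  if (!/^\d{1,5}$/.test(s) || Number(s) < 1 || Number(s) > 65535) {
    throw new Error(`invalid ${field}: ${JSON.stringify(value)}`);
  }
  return s;
}

function buildPortForwardArgsSafe(p) {
  const ns = checkName(p.namespace, DNS1123_LABEL, 63, "namespace");
  if (!RESOURCE_TYPES.has(p.resourceType)) {
    throw new Error(`invalid resourceType: ${JSON.stringify(p.resourceType)}`);
  }
  const name = checkName(p.resourceName, DNS1123_SUBDOMAIN, 253, "resourceName");
  const local = checkPort(p.localPort, "localPort");
  const target = checkPort(p.targetPort, "targetPort");
  // Each validated value is exactly one argv element; nothing is re-parsed
  // by a shell or by split(), so no field can add or alter a kubectl flag.
  return ["port-forward", "-n", ns, `${p.resourceType}/${name}`, `${local}:${target}`];
}
```

Pass the returned array straight to execFile("kubectl", args) or spawn("kubectl", args); never join it back into a string.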