Browse all 4 CVE security advisories affecting Flux159. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Flux159 primarily serves as a network monitoring tool for infrastructure management, though its core functionality has attracted security researchers due to multiple vulnerabilities. Historically, common weaknesses include remote code execution, cross-site scripting, and privilege escalation flaws, with four CVEs documented to date. The tool's architecture often involves complex web interfaces and API endpoints that have been prone to input validation issues. While no major public security incidents have been widely reported, the consistent discovery of vulnerabilities in similar tools suggests potential risks for organizations implementing Flux159 without proper hardening or regular security assessments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-7594 | Flux159 mcp-game-asset-gen MCP index.ts image_to_3d_async path traversal — mcp-game-asset-genCWE-22 | 7.3 | High | 2026-05-01 |
| CVE-2026-39884 | MCP Server Kubernetes has Argument Injection in its port_forward tool via space-splitting — mcp-server-kubernetesCWE-88 | 8.3 | High | 2026-04-14 |
| CVE-2025-66404 | mcp-server-kubernetes potential security issue in exec_in_pod tool — mcp-server-kubernetesCWE-77 | 6.4 | Medium | 2025-12-03 |
| CVE-2025-53355 | mcp-server-kubernetes vulnerable to command injection in several tools — mcp-server-kubernetesCWE-77 | 7.5 | High | 2025-07-08 |
This page lists every published CVE security advisory associated with Flux159. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.