HIGH
Source: Kube Hunter
ID: KHV046

Exposed Kubelet Cmdline

When the kubelet is run in debug mode, a Pod running in the cluster can access the kubelet's debug/pprof/cmdline endpoint and examine how the kubelet was executed on the node, specifically the command-line flags that were used. Those flags tell an attacker what capabilities the kubelet has, some of which might be exploitable.

Disable the --enable-debugging-handlers kubelet flag.
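
To confirm the remediation on a node, the following audit helper works out the effective setting from the kubelet's arguments and its configuration file. It is an added example, not code from Kube Hunter or the kubelet. It assumes the handlers are on by default, that the configuration file field is enableDebuggingHandlers, and that command-line flags override the file; the function names and sample inputs are constructed for illustration.

```python
import re

FLAG = "--enable-debugging-handlers"
CONFIG_KEY = "enableDebuggingHandlers"
TRUE, FALSE = {"1", "t", "true"}, {"0", "f", "false"}


def parse_bool(text):
    value = text.strip().strip("\"'").lower()
    if value in TRUE:
        return True
    if value in FALSE:
        return False
    raise ValueError(f"not a boolean: {text!r}")


def split_cmdline(raw):
    """Split the NUL-separated bytes of /proc/<pid>/cmdline into arguments."""
    return [a.decode() for a in raw.split(b"\0") if a]


def debug_handlers_setting(argv, config_text=""):
    """Return (enabled, source) for the kubelet debugging handlers."""
    enabled, source = True, "default"  # assumed default: handlers are on
    # Config file: top-level scalar key in the KubeletConfiguration YAML.
    match = re.search(rf"^{CONFIG_KEY}:\s*([^#\s]+)", config_text, re.M)
    if match:
        enabled, source = parse_bool(match.group(1)), "config"
    # Command-line flags override the config file; the last occurrence wins.
    for arg in argv:
        if arg == FLAG:
            # A bare boolean flag means true; a following "false" is NOT its value.
            enabled, source = True, "flag"
        elif arg.startswith(FLAG + "="):
            enabled, source = parse_bool(arg.split("=", 1)[1]), "flag"
    return enabled, source


# Constructed sample inputs (not taken from a real node).
SAMPLE_CMDLINE = b"/usr/bin/kubelet\0--config=/var/lib/kubelet/config.yaml\0--v=2\0"
SAMPLE_CONFIG = "kind: KubeletConfiguration\nenableDebuggingHandlers: false  # hardened\n"

if __name__ == "__main__":
    argv = split_cmdline(SAMPLE_CMDLINE)
    for cfg in ("", SAMPLE_CONFIG):
        enabled, source = debug_handlers_setting(argv, cfg)
        print("FAIL" if enabled else "PASS", f"enabled={enabled} (from {source})")
```

On a node, pass it the bytes read from the kubelet process's /proc/<pid>/cmdline and the contents of the file named by its --config argument.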