PatchSiren

CVE-2026-35204 helm CVE debrief

CVE-2026-35204 is a high-severity vulnerability in Helm, a package manager for Kubernetes. The vulnerability allows a specially crafted Helm plugin to write to an arbitrary filesystem location. This issue was present in Helm versions 4.0.0 to 4.1.3 and was fixed in version 4.1.4. The vulnerability has a CVSS score of 8.4 and is classified as HIGH. The CVE was published on April 9, 2026, and last modified on June 30, 2026.

Vendor: helm
Product: Unknown
CVSS: HIGH 8.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-09
Original CVE updated: 2026-06-30
Advisory published: 2026-04-09
Advisory updated: 2026-06-30

Who should care

Users of Helm, especially those managing Kubernetes clusters, should be aware of this vulnerability. If you're using Helm versions 4.0.0 to 4.1.3, you should update to version 4.1.4 or later to mitigate this risk. This vulnerability could allow an attacker to write to arbitrary filesystem locations, potentially leading to system compromise.

Technical summary

The vulnerability allows a specially crafted Helm plugin to write its contents to an arbitrary filesystem location. It arises because the version field of the plugin's plugin.yaml file can contain POSIX dot-dot path separators (/../), so a crafted value can direct the plugin's files outside the intended plugin directory. Helm version 4.1.4 fixes the issue by adding validation of the plugin.yaml file; users on affected versions should validate plugin.yaml themselves until they upgrade. The CVSS vector for this vulnerability is CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.

Defensive priority

This vulnerability should be prioritized for remediation due to its high CVSS score of 8.4 and the potential for an attacker to write to arbitrary filesystem locations. Users should update Helm to version 4.1.4 or later as soon as possible.

Recommended defensive actions

  • Update Helm to version 4.1.4 or later
  • Validate the plugin.yaml file of Helm plugins to prevent arbitrary filesystem writes
  • Monitor Helm plugin installations and updates for suspicious activity
  • Implement additional security measures to detect and prevent potential attacks
  • Review and update incident response plans to address potential exploitation of this vulnerability
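The following Go program is an added example illustrating the kind of plugin.yaml validation described in the technical summary and in the "Validate the plugin.yaml file" action above. It is not Helm's own code and not from PatchSiren: the helper names (PluginMeta, parsePluginYAML, ValidatePathComponent, WithinRoot, PluginInstallDir), the minimal key/value reader standing in for a YAML parser, the plugin root /opt/helm/plugins, and the two sample manifests are all constructed for this demonstration. It rejects a version field containing path separators or dot segments, and adds a second, independent containment check on the resolved directory.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// PluginMeta holds the two plugin.yaml fields that matter for where a
// plugin is written. (Hypothetical helper type; not Helm's own.)
type PluginMeta struct {
	Name    string
	Version string
}

// parsePluginYAML is a deliberately minimal "key: value" reader that is
// sufficient for the constructed samples below; it is not a YAML parser.
func parsePluginYAML(doc string) PluginMeta {
	var m PluginMeta
	for _, line := range strings.Split(doc, "\n") {
		key, val, ok := strings.Cut(strings.TrimSpace(line), ":")
		if !ok {
			continue
		}
		val = strings.Trim(strings.TrimSpace(val), `"'`)
		switch strings.TrimSpace(key) {
		case "name":
			m.Name = val
		case "version":
			m.Version = val
		}
	}
	return m
}

// ValidatePathComponent rejects any value that is not a single, safe path
// component: empty strings, path separators (which is how "/../" gets in),
// and the dot segments "." and "..".
func ValidatePathComponent(field, value string) error {
	switch {
	case value == "":
		return fmt.Errorf("plugin.yaml %s must not be empty", field)
	case strings.ContainsAny(value, `/\`):
		return fmt.Errorf("plugin.yaml %s %q must not contain path separators", field, value)
	case value == "." || value == "..":
		return fmt.Errorf("plugin.yaml %s %q must not be a dot segment", field, value)
	}
	return nil
}

// WithinRoot is a second, independent layer: after cleaning, the target
// must still sit at or below root. It catches traversal even if the
// field-level checks were ever bypassed.
func WithinRoot(root, target string) bool {
	rel, err := filepath.Rel(filepath.Clean(root), filepath.Clean(target))
	if err != nil {
		return false
	}
	return rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// PluginInstallDir validates the metadata and returns the directory the
// plugin may be written to, or an error if the metadata would escape root.
func PluginInstallDir(root string, m PluginMeta) (string, error) {
	if err := ValidatePathComponent("name", m.Name); err != nil {
		return "", err
	}
	if err := ValidatePathComponent("version", m.Version); err != nil {
		return "", err
	}
	dir := filepath.Join(root, m.Name, m.Version)
	if !WithinRoot(root, dir) {
		return "", errors.New("resolved plugin directory escapes the plugin root")
	}
	return dir, nil
}

// Constructed sample manifests (not taken from any real plugin).
const benignPluginYAML = `name: example-plugin
version: "1.2.3"
`

const traversalPluginYAML = `name: example-plugin
version: "1.2.3/../../../outside"
`

func main() {
	root := "/opt/helm/plugins" // assumed plugin root for the demo
	for _, doc := range []string{benignPluginYAML, traversalPluginYAML} {
		dir, err := PluginInstallDir(root, parsePluginYAML(doc))
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Println("accepted:", dir)
	}
}
```

Running it accepts the benign manifest with the install directory /opt/helm/plugins/example-plugin/1.2.3 and rejects the second manifest at the field check. The WithinRoot check is intentionally separate so that the containment decision does not depend on the string-level rules being complete; on a monitoring side, a plugin whose resolved directory falls outside the plugin root is exactly the event worth alerting on.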

Evidence notes

The CVE-2026-35204 vulnerability was published on April 9, 2026, and last modified on June 30, 2026. The vulnerability affects Helm versions 4.0.0 to 4.1.3. The CVSS score is 8.4, indicating a high severity. The vulnerability was fixed in Helm version 4.1.4.

Official resources

This article is AI-assisted and based on the supplied source corpus.