PatchSiren cyber security CVE debrief
CVE-2026-35204 helm CVE debrief
CVE-2026-35204 is a high-severity vulnerability in Helm, a package manager for Kubernetes. The vulnerability allows a specially crafted Helm plugin to write to an arbitrary filesystem location. This issue was present in Helm versions 4.0.0 to 4.1.3 and was fixed in version 4.1.4. The vulnerability has a CVSS score of 8.4 and is classified as HIGH. The CVE was published on April 9, 2026, and last modified on June 30, 2026.
- Vendor: helm
- Product: Unknown
- CVSS: HIGH 8.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-09
- Original CVE updated: 2026-06-30
- Advisory published: 2026-04-09
- Advisory updated: 2026-06-30
Who should care
Users of Helm, especially those managing Kubernetes clusters, should be aware of this vulnerability. If you're using Helm versions 4.0.0 to 4.1.3, you should update to version 4.1.4 or later to mitigate this risk. This vulnerability could allow an attacker to write to arbitrary filesystem locations, potentially leading to system compromise.
Technical summary
The vulnerability allows a specially crafted Helm plugin to write its contents to an arbitrary filesystem location because the plugin's plugin.yaml file can carry a version field containing POSIX dot-dot path separators (/../). Helm 4.1.4 fixes the issue by adding validation of the plugin.yaml file; users can also validate the plugin.yaml file themselves to prevent this. The CVSS 4.0 vector for this vulnerability is CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
This vulnerability should be prioritized for remediation due to its high CVSS score of 8.4 and the potential for an attacker to write to arbitrary filesystem locations. Users should update Helm to version 4.1.4 or later as soon as possible.
Recommended defensive actions
- Update Helm to version 4.1.4 or later
- Validate the plugin.yaml file of Helm plugins before installation, rejecting version fields that contain path separators, to prevent arbitrary filesystem writes
- Monitor Helm plugin installations and updates for suspicious activity
- Implement additional security measures to detect and prevent potential attacks
- Review and update incident response plans to address potential exploitation of this vulnerability
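As an added defensive example (not Helm's own code), the check a plugin loader can make on the plugin.yaml version field described in the technical summary and in the "validate the plugin.yaml file" action above: an allow-list on the version string, followed by a containment check on the resolved destination path. The sample plugin.yaml documents are constructed, and the line-scan extractor stands in for a real YAML parser.

```go
package main

import (
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// Constructed plugin.yaml samples: one benign, one carrying the dot-dot separators the advisory describes.
const benignPluginYAML = "name: example\nversion: 1.2.3\nusage: demo\n"
const hostilePluginYAML = "name: example\nversion: 1.0.0/../../../../../../../tmp/outside\nusage: demo\n"

// Allow-list for versions: letters, digits, dots, dashes, plus; first char alphanumeric, so "." and ".." fail.
var versionPattern = regexp.MustCompile(`^[0-9A-Za-z][0-9A-Za-z.+-]*$`)

// VersionField extracts the version value with a line scan (a real loader would use a YAML parser).
func VersionField(doc string) string {
	for _, line := range strings.Split(doc, "\n") {
		if strings.HasPrefix(line, "version:") {
			return strings.TrimSpace(strings.TrimPrefix(line, "version:"))
		}
	}
	return ""
}

// ValidateVersion rejects a version value that could steer a write outside the plugin directory.
func ValidateVersion(v string) error {
	if strings.ContainsAny(v, `/\`) {
		return fmt.Errorf("version %q contains a path separator", v)
	}
	if !versionPattern.MatchString(v) {
		return fmt.Errorf("version %q is not a plain version string", v)
	}
	return nil
}

// StaysInside is the containment check to make before any write: the cleaned destination must lie under root.
func StaysInside(root, name string) bool {
	rel, err := filepath.Rel(root, filepath.Join(root, name))
	if err != nil {
		return false
	}
	return rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

func main() {
	v := VersionField(hostilePluginYAML)
	fmt.Println(ValidateVersion(v), StaysInside("/opt/plugins", v))
}
```

Both checks are kept because the allow-list is the cheap early rejection while the containment check still protects a write path assembled from any other untrusted field.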
Evidence notes
The CVE-2026-35204 vulnerability was published on April 9, 2026, and last modified on June 30, 2026. The vulnerability affects Helm versions 4.0.0 to 4.1.3. The CVSS score is 8.4, indicating a high severity. The vulnerability was fixed in Helm version 4.1.4.
Official resources
- CVE-2026-35204 CVE record (CVE.org)
- CVE-2026-35204 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: Patch
- Mitigation or vendor reference: Product, Release Notes
- Mitigation or vendor reference: Mitigation, Vendor Advisory
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.