PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-35205 helm CVE debrief

CVE-2026-35205 is a high-severity vulnerability in Helm, the package manager for Kubernetes Charts. In versions 4.0.0 through 4.1.3, Helm installs a plugin that lacks its provenance (.prov) file even when signature verification is required, so the plugin is installed without its signature ever being checked. The issue is fixed in version 4.1.4. The vulnerability has a CVSS score of 8.4 and is rated HIGH severity. The CVE was published on April 9, 2026, and last modified on June 30, 2026.

Vendor: helm
Product: Unknown
CVSS: HIGH 8.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-09
Original CVE updated: 2026-06-30
Advisory published: 2026-04-09
Advisory updated: 2026-06-30

Who should care

Users of Helm, a package manager for Kubernetes Charts, should be aware of this vulnerability. Specifically, those using Helm versions between 4.0.0 and 4.1.3 should take action to upgrade to version 4.1.4 or apply compensating controls. This vulnerability may impact organizations using Kubernetes and Helm for package management.

Technical summary

The vulnerability allows a Helm plugin to be installed without its provenance (.prov) file even when signature verification is enabled. The provenance file is what carries the signature, so when it is absent the plugin's authenticity and integrity cannot be verified at all; instead of failing closed, affected versions treat the missing file as nothing to check and proceed with the installation. The fix in version 4.1.4 refuses to install a plugin whose provenance file is missing whenever signature verification is required.
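The following Go program is an added illustration of the fail-open versus fail-closed behaviour described above; it is not Helm's code. Helm's real provenance files carry an OpenPGP signature, which this example replaces with an HMAC-SHA256 over the archive bytes so that it runs offline; the function names, the `failOpen` switch and the assumption that a plugin's provenance sits at `<archive>.prov` (Helm's chart convention) are all this example's own.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Errors a verifying installer can return. Names are this example's own, not Helm's.
var (
	ErrMissingProvenance = errors.New("verification required but no .prov file was found")
	ErrBadProvenance     = errors.New("provenance does not match the plugin archive")
)

// makeProvenance produces the stand-in provenance: a hex HMAC-SHA256 over the archive bytes.
// Real Helm provenance is an OpenPGP signature; the HMAC keeps this example offline.
func makeProvenance(archive, key []byte) string {
	mac := hmac.New(sha256.New, key)
	mac.Write(archive)
	return hex.EncodeToString(mac.Sum(nil))
}

// verifyPlugin decides whether an archive may be installed.
//   requireVerify: the user asked for signature verification.
//   provPresent:   a .prov file was found next to the archive.
//   failOpen:      true reproduces the CVE-2026-35205 behaviour (a missing .prov is ignored);
//                  false is the fixed, fail-closed behaviour.
func verifyPlugin(archive, prov, key []byte, provPresent, requireVerify, failOpen bool) error {
	if !requireVerify {
		return nil // verification was not requested; nothing to check
	}
	if !provPresent {
		if failOpen {
			return nil // vulnerable: silently installs an unverified plugin
		}
		return ErrMissingProvenance // fixed: refuse to install
	}
	want, err := hex.DecodeString(strings.TrimSpace(string(prov)))
	if err != nil {
		return ErrBadProvenance
	}
	mac := hmac.New(sha256.New, key)
	mac.Write(archive)
	if !hmac.Equal(want, mac.Sum(nil)) {
		return ErrBadProvenance
	}
	return nil
}

// verifyPluginFiles is the on-disk wrapper: it looks for <archive>.prov beside the archive
// (assumed layout for this example) and reports its absence explicitly rather than as an I/O error.
func verifyPluginFiles(archivePath string, key []byte, requireVerify, failOpen bool) error {
	archive, err := os.ReadFile(archivePath)
	if err != nil {
		return err
	}
	prov, err := os.ReadFile(archivePath + ".prov")
	provPresent := err == nil
	if err != nil && !errors.Is(err, os.ErrNotExist) {
		return err // unreadable .prov is a different failure from a missing one
	}
	return verifyPlugin(archive, prov, key, provPresent, requireVerify, failOpen)
}

func main() {
	key := []byte("constructed-demo-key")             // constructed sample key
	archive := []byte("constructed plugin tarball bytes") // constructed sample archive
	dir, _ := os.MkdirTemp("", "plugin")
	defer os.RemoveAll(dir)
	path := filepath.Join(dir, "demo-plugin.tgz")
	_ = os.WriteFile(path, archive, 0o600)

	fmt.Println("no .prov, fail-open  :", verifyPluginFiles(path, key, true, true))
	fmt.Println("no .prov, fail-closed:", verifyPluginFiles(path, key, true, false))
	_ = os.WriteFile(path+".prov", []byte(makeProvenance(archive, key)), 0o600)
	fmt.Println("valid .prov          :", verifyPluginFiles(path, key, true, false))
}
```

The point of the `failOpen` branch is that the vulnerable and fixed installers behave identically whenever a `.prov` file exists; they differ only on the missing-file path, which is why the defect is easy to miss in testing that always ships a provenance file alongside the archive.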

Defensive priority

High priority should be given to upgrading Helm to version 4.1.4 or later. Additionally, organizations should review their current Helm version and plugin management practices to ensure the security and integrity of their Kubernetes environments.

Recommended defensive actions

  • Upgrade Helm to version 4.1.4 or later
  • Review and update plugin management practices to ensure signature verification is enabled
  • Monitor Helm plugin installations for any suspicious activity
  • Apply compensating controls such as additional verification steps for plugins
  • Regularly review and update Kubernetes environments for security and integrity
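To support the first action above, here is an added Go helper (not part of Helm or of this debrief's sources) that decides whether a reported Helm version falls inside the affected range 4.0.0 through 4.1.3, i.e. [4.0.0, 4.1.4) in semver terms. It accepts the `vMAJOR.MINOR.PATCH+BUILD` form that `helm version --short` prints, drops build metadata, and ranks a pre-release such as 4.1.4-rc.1 below the 4.1.4 release, so such pre-releases are reported as affected; the function and type names are this example's own.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

type semver struct {
	major, minor, patch int
	pre                 string // pre-release label, "" for a final release
}

// parseVersion accepts "v4.1.3+g1a2b3c4", "4.1.3" or "v4.1.4-rc.1".
func parseVersion(s string) (semver, error) {
	s = strings.TrimPrefix(strings.TrimSpace(s), "v")
	if i := strings.IndexByte(s, '+'); i >= 0 { // drop build metadata such as +g1a2b3c4
		s = s[:i]
	}
	var v semver
	if i := strings.IndexByte(s, '-'); i >= 0 { // split off a pre-release label
		v.pre, s = s[i+1:], s[:i]
	}
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return semver{}, fmt.Errorf("unrecognised version %q", s)
	}
	nums := [3]*int{&v.major, &v.minor, &v.patch}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return semver{}, fmt.Errorf("unrecognised version %q", s)
		}
		*nums[i] = n
	}
	return v, nil
}

// less reports a < b under semver ordering. Same numbers: a pre-release sorts before the
// final release; two pre-release labels are not ranked against each other, which is
// sufficient here because both range bounds are final releases.
func (a semver) less(b semver) bool {
	if a.major != b.major {
		return a.major < b.major
	}
	if a.minor != b.minor {
		return a.minor < b.minor
	}
	if a.patch != b.patch {
		return a.patch < b.patch
	}
	return a.pre != "" && b.pre == ""
}

var (
	firstAffected = semver{major: 4}                     // 4.0.0, from the advisory
	firstFixed    = semver{major: 4, minor: 1, patch: 4} // 4.1.4, from the advisory
)

// affectedByCVE202635205 reports whether a Helm version lies in [4.0.0, 4.1.4).
func affectedByCVE202635205(raw string) (bool, error) {
	v, err := parseVersion(raw)
	if err != nil {
		return false, err
	}
	return !v.less(firstAffected) && v.less(firstFixed), nil
}

func main() {
	// Constructed sample strings in the shape `helm version --short` prints.
	for _, s := range []string{"v3.18.2+gabc1234", "v4.0.0", "v4.1.3+g1a2b3c4", "v4.1.4-rc.1", "v4.1.4", "4.2.0"} {
		ok, err := affectedByCVE202635205(s)
		fmt.Printf("%-18s affected=%v err=%v\n", s, ok, err)
	}
}
```

In a fleet check, feed it the output of `helm version --short` from each host or CI image; a parse error should be treated as "unknown, investigate" rather than as "not affected".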

Evidence notes

The CVE-2026-35205 vulnerability is documented in the official CVE record and the National Vulnerability Database (NVD). The vulnerability was disclosed by the Helm project and multiple sources, including Red Hat, have provided additional information and errata related to this issue.

Official resources

This article is AI-assisted and based on the supplied source corpus.