PatchSiren cyber security CVE debrief
CVE-2026-35205 helm CVE debrief
CVE-2026-35205 is a high-severity vulnerability in Helm, the package manager for Kubernetes charts. In versions 4.0.0 through 4.1.3, Helm installs plugins that lack a provenance (.prov) file even when signature verification is required. The issue is fixed in version 4.1.4. The vulnerability has a CVSS score of 8.4 and is rated HIGH severity. The CVE was published on April 9, 2026, and last modified on June 30, 2026.
- Vendor: helm
- Product: Unknown
- CVSS: HIGH 8.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-09
- Original CVE updated: 2026-06-30
- Advisory published: 2026-04-09
- Advisory updated: 2026-06-30
Who should care
Users of Helm, a package manager for Kubernetes Charts, should be aware of this vulnerability. Specifically, those using Helm versions between 4.0.0 and 4.1.3 should take action to upgrade to version 4.1.4 or apply compensating controls. This vulnerability may impact organizations using Kubernetes and Helm for package management.
Technical summary
The vulnerability allows Helm to install a plugin that has no provenance (.prov) file even when signature verification is enabled. The provenance file carries the signature data, so a plugin without one cannot have its authenticity or integrity checked; the verification requirement is therefore not enforced for such plugins. The root cause is that Helm did not treat a missing provenance file as a verification failure during installation. The fix in version 4.1.4 ensures that plugins with missing provenance files are not installed when signature verification is required.
Defensive priority
High priority should be given to upgrading Helm to version 4.1.4 or later. Additionally, organizations should review their current Helm version and plugin management practices to ensure the security and integrity of their Kubernetes environments.
Recommended defensive actions
- Upgrade Helm to version 4.1.4 or later
- Review and update plugin management practices to ensure signature verification is enabled
- Monitor Helm plugin installations for any suspicious activity
- Apply compensating controls such as additional verification steps for plugins
- Regularly review and update Kubernetes environments for security and integrity
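The compensating control listed above (an additional verification step for plugins) and the technical summary reduce to one rule: a plugin tarball with no provenance file must fail closed rather than be installed. The POSIX shell gate below is an added example, not Helm project code. It assumes the chart-style provenance layout (a clearsigned `<tarball>.prov` beside the tarball that records a `sha256:<hex>` digest of it) and a trusted keyring path supplied by the caller; the function names, the sample tarball name and the keyring path are this example's own.

```shell
#!/bin/sh
# Added example (not Helm project code): a pre-install gate for plugin tarballs.
# Assumption: provenance lives in <tarball>.prov, is PGP clearsigned, and records
# the tarball digest as "sha256:<64 hex chars>", as Helm chart provenance does.

# sha256_of FILE -> prints the hex sha256 of FILE (portable across sha256sum/shasum)
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# has_provenance TARBALL -> 0 only if TARBALL exists and TARBALL.prov is non-empty.
# This is the check the vulnerable versions effectively skipped.
has_provenance() {
    tarball="$1"
    [ -n "$tarball" ] || return 1
    [ -f "$tarball" ] || return 1
    [ -s "${tarball}.prov" ] || return 1
    return 0
}

# provenance_digest PROVFILE -> prints the first sha256 hex digest recorded in PROVFILE
provenance_digest() {
    sed -n 's/.*sha256:\([0-9a-f]\{64\}\).*/\1/p' "$1" | head -n 1
}

# digest_matches TARBALL -> 0 if the real sha256 of TARBALL equals the one in TARBALL.prov
digest_matches() {
    tarball="$1"
    expected=$(provenance_digest "${tarball}.prov")
    [ -n "$expected" ] || return 1
    actual=$(sha256_of "$tarball")
    [ "$actual" = "$expected" ]
}

# verify_plugin TARBALL KEYRING -> install gate. Every failure path returns non-zero:
# missing .prov, signature that does not verify against KEYRING, or digest mismatch.
verify_plugin() {
    tarball="$1"
    keyring="$2"
    if ! has_provenance "$tarball"; then
        echo "REFUSED: no provenance file for $tarball" >&2
        return 1
    fi
    # gpg checks the clearsigned provenance against the caller's trusted keyring only
    if ! gpg --no-default-keyring --keyring "$keyring" --verify "${tarball}.prov" >/dev/null 2>&1; then
        echo "REFUSED: provenance signature for $tarball did not verify" >&2
        return 1
    fi
    if ! digest_matches "$tarball"; then
        echo "REFUSED: $tarball digest does not match its provenance" >&2
        return 1
    fi
    echo "OK: $tarball verified against $keyring"
    return 0
}

# Usage (hypothetical paths): verify_plugin ./example-plugin-1.0.0.tgz ./trusted-keys.gpg
```

Run the gate before `helm plugin install` on any version you cannot yet upgrade. A missing `.prov` is refused before gpg is even invoked, which is exactly the case the affected versions let through; the digest comparison additionally catches a tarball that was swapped after its provenance was signed.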
Evidence notes
The CVE-2026-35205 vulnerability is documented in the official CVE record and the National Vulnerability Database (NVD). The vulnerability was disclosed by the Helm project and multiple sources, including Red Hat, have provided additional information and errata related to this issue.
Official resources
- CVE-2026-35205 CVE record (CVE.org)
- CVE-2026-35205 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Patch
- Mitigation or vendor reference: [email protected] - Product, Release Notes
- Mitigation or vendor reference: [email protected] - Mitigation, Vendor Advisory
- Source reference: [email protected] - Product
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.