PatchSiren

helm CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH helm CVE published 2026-04-09

CVE-2026-35205

CVE-2026-35205 is a high-severity vulnerability in Helm, a package manager for Kubernetes Charts. From version 4.0.0 to 4.1.3, Helm installs plugins that are missing a provenance (.prov) file even when signature verification is required. This issue is fixed in version 4.1.4. The vulnerability has a CVSS score of 8.4 (HIGH). The CVE was published on April 9, 2026, and last modified on June 30, 2026.

HIGH helm CVE published 2026-04-09

CVE-2026-35204

CVE-2026-35204 is a high-severity vulnerability in Helm, a package manager for Kubernetes. The vulnerability allows a specially crafted Helm plugin to write to an arbitrary filesystem location. This issue was present in Helm versions 4.0.0 to 4.1.3 and was fixed in version 4.1.4. The vulnerability has a CVSS score of 8.4 and is classified as HIGH. The CVE was published on April 9, 2026, and last modified [truncated]