CVE-2026-35205 is a high-severity vulnerability in Helm, a package manager for Kubernetes Charts. From version 4.0.0 to 4.1.3, Helm installs plugins missing provenance (.prov file) when signature verification is required. This issue is fixed in version 4.1.4. The vulnerability has a CVSS score of 8.4 and is considered HIGH severity. The CVE was published on April 9, 2026, and last modified on June 30, 2026.
CVE-2026-35204 is a high-severity vulnerability in Helm, a package manager for Kubernetes. The vulnerability allows a specially crafted Helm plugin to write to an arbitrary filesystem location. This issue was present in Helm versions 4.0.0 to 4.1.3 and was fixed in version 4.1.4. The vulnerability has a CVSS score of 8.4 and is classified as HIGH. The CVE was published on April 9, 2026, and last modified [truncated]