CVE-2026-35205

CVSS v4.0

8.4

High

Vector

AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Helm versions 4.0.0 through 4.1.3

Description Helm, a package manager for Kubernetes Charts, versions 4.0.0 through 4.1.3 do not install plugins with provenance files (.prov file) when signature verification is required. This impacts the integrity and security of installed plugins.

Recommendations Update to Helm version 4.1.4 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-636

Related Identifiers

BDU:2026-07345

BIT-HELM-2026-35205

CLEANSTART-2026-WO11084

CVE-2026-35205

GHSA-Q5JF-9VFQ-H4H7

OPENSUSE-SU-2026:10538-1

Affected Products

Helm

Red Os

CVE-2026-35205

Weakness Enumeration

Related Identifiers

Affected Products

References · 34