PT-2026-60806 · Helm · Helm

·

CVE-2026-63308

·

Published

2026-07-17

·

Updated

2026-07-17

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Helm through 4.2.3, fixed in commit ba6c9a2, contains a denial of service vulnerability in the Files.Lines template helper in pkg/engine/files.go that allows attackers to trigger an index out of range panic by including zero-length byte slices in chart files. Attackers can include empty files in Helm charts to cause deterministic render failures across template, install, upgrade, lint, and SDK Engine.Render operations.

Exploit

Fix

Improper Validation of Array Index

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-63308

Affected Products

Helm