CVE-2026-35204
Published: 09 April 2026
Summary
CVE-2026-35204 is a high-severity Path Traversal (CWE-22) vulnerability in Helm. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). It is ranked at the 1.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly addresses the path traversal vulnerability by requiring validation of the plugin.yaml version field to reject inputs containing directory traversal sequences such as "/../".
- Ensures timely identification, reporting, and patching of the Helm flaw to version 4.1.4 or later, eliminating the vulnerability.
- CM-11 (User-installed Software): restricts and monitors user installation of Helm plugins, preventing deployment of specially crafted malicious plugins that exploit the vulnerability.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability requires tricking a user into installing a malicious Helm plugin (T1204.002 Malicious File), which triggers the path traversal and the arbitrary file write.
NVD Description
Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a specially crafted Helm plugin, when installed or updated, will cause Helm to write the contents of the plugin to an arbitrary filesystem location. To prevent this, validate that the plugin.yaml of the Helm plugin does not include a version: field containing POSIX dot-dot path separators, i.e. "/../". This vulnerability is fixed in 4.1.4.
Deeper analysis
CVE-2026-35204 is a path traversal vulnerability (CWE-22) affecting Helm, a package manager for Kubernetes Charts. In versions 4.0.0 through 4.1.3, a specially crafted Helm plugin causes Helm to write the plugin's contents to an arbitrary filesystem location during installation or update. This occurs when the plugin.yaml file includes a version field containing POSIX dot-dot path separators such as "/../", allowing directory traversal. The vulnerability has a CVSS v3.1 base score of 8.6 (AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
A local attacker can exploit this vulnerability by tricking a user into installing or updating a malicious Helm plugin, requiring user interaction but no privileges. Successful exploitation enables arbitrary file writes on the filesystem, potentially leading to high-impact confidentiality, integrity, and availability compromises, with a change in scope due to the elevated privileges gained through file placement.
The vulnerability is fixed in Helm version 4.1.4, which adds validation to reject plugin.yaml files with version fields containing "/../" path separators. Security practitioners should upgrade to 4.1.4 or later, review installed plugins for suspicious version fields, and avoid untrusted plugin sources. Relevant resources include the fix commit at https://github.com/helm/helm/commit/36c8539e99bc42d7aef9b87d136254662d04f027, the release notes at https://github.com/helm/helm/releases/tag/v4.1.4, and the advisory at https://github.com/helm/helm/security/advisories/GHSA-vmx8-mqv2-9gmg.
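The following Go sketch is an added illustration, not Helm's own code: it assumes a hypothetical layout in which the install path is built by joining the plugins directory with the plugin's name and version, and shows the unchecked path resolving outside that directory beside the kind of version-field validation the fix adds, plus a containment check that also covers the name field.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// PluginMetadata holds the plugin.yaml fields that end up in the install path (assumed layout).
type PluginMetadata struct{ Name, Version string }

// ConstructedMalicious is a plugin.yaml built for this example; its version field carries POSIX dot-dot separators.
var ConstructedMalicious = PluginMetadata{"demo-plugin", "1.0.0/" + strings.Repeat("../", 7) + "tmp/demo"}

// ValidateVersion rejects any path separator or a bare dot-dot component (broader than matching "/../" alone).
func ValidateVersion(v string) error {
	if v == "" || v == "." || v == ".." || strings.ContainsAny(v, `/\`) {
		return errors.New("plugin.yaml version contains a path separator or dot-dot segment")
	}
	return nil
}

// UnsafeInstallPath shows the pre-fix behaviour: filepath.Join resolves the unchecked dot-dot segments out of pluginsDir.
func UnsafeInstallPath(pluginsDir string, m PluginMetadata) string {
	return filepath.Join(pluginsDir, m.Name+"-"+m.Version)
}

// InstallPath validates the version and then confirms the final path still
// lies under pluginsDir, which also catches traversal through the name field.
func InstallPath(pluginsDir string, m PluginMetadata) (string, error) {
	if err := ValidateVersion(m.Version); err != nil {
		return "", err
	}
	base := filepath.Clean(pluginsDir)
	target := filepath.Join(base, m.Name+"-"+m.Version)
	rel, err := filepath.Rel(base, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errors.New("install path escapes the plugins directory: " + target)
	}
	return target, nil
}

func main() {
	dir := "/home/user/.local/share/helm/plugins" // constructed plugins directory
	fmt.Println("unchecked:", UnsafeInstallPath(dir, ConstructedMalicious)) // /tmp/demo
	_, err := InstallPath(dir, ConstructedMalicious)
	fmt.Println("validated:", err)
}
```

The same containment check is a cheap way to audit already-installed plugins: run each plugin.yaml's name and version through InstallPath and flag any that fail.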
Details
- CWE(s)