CVE-2026-35205
Published: 09 April 2026
Summary
CVE-2026-35205 is a high-severity Failing Open (CWE-636) vulnerability in Helm. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). It ranks at the 4.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SR-11 (Component Authenticity).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Requires provenance information for supply chain components and restricts modification, directly mitigating Helm's failure to enforce .prov file presence during required signature verification.
Mandates verification of digital signatures prior to component installation, preventing installation of unsigned or improperly verified Helm plugins.
Verifies component authenticity prior to installation using defined mechanisms, addressing the bypass of integrity checks for Helm plugins lacking proper provenance.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability bypasses required provenance/signature verification for Helm plugins, allowing an attacker to provide a malicious plugin archive (malicious file) that installs successfully when a user runs `helm plugin install`. This directly enables arbitrary code execution via user interaction with the crafted file.
NVD Description
Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins missing provenance (.prov file) when signature verification is required. This vulnerability is fixed in 4.1.4.
Deeper analysis
CVE-2026-35205 affects Helm, a package manager for Kubernetes Charts, in versions 4.0.0 through 4.1.3. The vulnerability allows Helm to install plugins that lack a provenance file (.prov file) even when signature verification is explicitly required. This flaw, classified under CWE-636 (Not Failing Securely), enables the bypass of integrity checks intended to ensure plugin authenticity and trustworthiness. The issue carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and was published on April 9, 2026.
An attacker with local access to the victim's system can exploit this vulnerability by providing a malicious plugin archive missing the required .prov file. No special privileges are needed (PR:N) and attack complexity is low (AC:L), but exploitation requires user interaction (UI:R), such as a user running the `helm plugin install` command on the attacker's crafted plugin while signature verification is enabled. Successful exploitation has high impact on confidentiality, integrity, and availability, potentially allowing arbitrary code execution, data theft, or system compromise within the context of the Helm process.
Helm advisories and release notes recommend upgrading to version 4.1.4, which addresses the issue via a specific commit enforcing provenance file presence during signed plugin installations. The official security advisory (GHSA-q5jf-9vfq-h4h7) and release page detail the fix, while Helm documentation on provenance files explains the .prov file's role in verifying plugin signatures and origins. Practitioners should verify plugin sources and enable strict verification policies until patching.
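The fail-open pattern described above (CWE-636) next to its fail-closed form, as an added Go example that models the logic and is not Helm's own code or the actual fix commit. The function names, the `verifier` callback and the `<archive>.prov` file layout are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// ErrNoProvenance: verification was required but no .prov file was found.
var ErrNoProvenance = errors.New("provenance file missing, verification required")

// verifier stands in for the real signature check (hypothetical signature).
type verifier func(archive, prov string) error

// failOpen models the flawed pattern: a missing .prov skips verification.
func failOpen(archive string, verify bool, check verifier) error {
	prov := archive + ".prov" // assumed layout: <archive>.prov beside the archive
	if _, err := os.Stat(prov); err != nil || !verify {
		return nil // absence is treated as "nothing to verify"
	}
	return check(archive, prov)
}

// failClosed rejects the install when verification is required and no .prov is found.
func failClosed(archive string, verify bool, check verifier) error {
	if !verify {
		return nil
	}
	prov := archive + ".prov"
	if _, err := os.Stat(prov); err != nil {
		return fmt.Errorf("%w: %s", ErrNoProvenance, prov)
	}
	return check(archive, prov)
}

// demo applies both policies to a constructed archive path with no .prov beside it.
func demo() (openErr, closedErr error) {
	dir, err := os.MkdirTemp("", "plugin-demo") // empty dir: no .prov present
	if err != nil {
		return err, err
	}
	defer os.RemoveAll(dir)
	archive := filepath.Join(dir, "example-plugin.tgz") // constructed name
	check := func(a, p string) error { return nil }     // not reached here
	return failOpen(archive, true, check), failClosed(archive, true, check)
}

func main() { fmt.Println(demo()) }
```

With verification required, the fail-open model returns no error for the unsigned archive, while the fail-closed form returns `ErrNoProvenance` before the signature check is ever consulted.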
Details
- CWE(s)