Platform: go
Component: helm.sh/helm/v4
Fixed in: 4.0.1, 4.1.4
CVE-2026-35204 describes a Path Traversal vulnerability discovered in Helm, the package manager for Kubernetes Charts. This flaw allows a specially crafted Helm plugin, during installation or update, to write its contents to an arbitrary location on the user's filesystem. This poses a significant risk of file corruption and potential system compromise. The vulnerability affects Helm versions 4.0.0 through 4.1.3, and a fix is available in version 4.1.4.
The core impact of CVE-2026-35204 lies in the ability of a malicious Helm plugin to bypass intended file system boundaries. An attacker could craft a plugin that, upon installation or update, attempts to write its contents to a location outside of the designated plugin directory. This could lead to the overwriting of critical system files, configuration files, or even user data. The potential for data loss, system instability, and further compromise is significant. This vulnerability shares similarities with other file system traversal exploits, where attackers leverage vulnerabilities to access or modify files beyond their intended scope.
CVE-2026-35204 was publicly disclosed on April 10, 2026. While no active exploitation campaigns have been publicly reported, the vulnerability's ease of exploitation and potential impact warrant careful attention. No public proof-of-concept exploits are currently available, but the vulnerability's nature suggests that such exploits could be developed relatively easily. It is not currently listed on the CISA KEV catalog.
Organizations heavily reliant on Helm for managing Kubernetes deployments are at risk. This includes DevOps teams, platform engineers, and anyone responsible for maintaining Kubernetes clusters. Users who have installed plugins from untrusted sources are particularly vulnerable. Shared hosting environments where multiple users share a single Helm installation are also at increased risk.
• linux / server: Monitor Helm plugin directories (e.g., /var/lib/helm/plugins) for unexpected files or modifications. Use ls -l and find commands to identify anomalies.
find /var/lib/helm/plugins -type f -mmin -60 -print
• go: Inspect Helm plugin code for suspicious file path manipulation. Look for functions like os.MkdirAll or os.Create used with user-controlled input.
• generic web: Examine Helm logs for errors related to file writing or permission denied errors.
journalctl -u helm -f
Disclosure
Exploit status
EPSS
0.02% (4th percentile)
CISA SSVC
The primary mitigation for CVE-2026-35204 is to upgrade Helm to version 4.1.4 or later, which includes the necessary fix. If upgrading is not immediately feasible, consider implementing stricter plugin source validation. Only install plugins from trusted repositories and carefully review the plugin's code before installation. As a more restrictive workaround, consider running Helm in an environment with a read-only filesystem, limiting the potential damage from a malicious plugin. Monitor Helm logs for unusual file access patterns or attempts to write to unexpected locations.
Upgrade Helm to version 4.1.4 or later to mitigate this vulnerability. Check that the plugin.yaml file of your plugins does not contain the sequence '/../' in the 'version:' field, to prevent arbitrary file writes.
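To turn the plugin.yaml check above into something you can run before installing a plugin, here is an added Go example (not Helm's own code): it pulls the version: field out of a plugin.yaml, rejects values that contain a path separator or a dot segment, and independently confirms that the resulting install path stays under the plugin directory. The line-scan parser, the sample plugin.yaml contents and the "<name>-<version>" directory layout are assumptions made for this example.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// Constructed sample plugin.yaml contents (not real plugins).
const benignPluginYAML = "name: example-plugin\nversion: \"1.2.3\"\nusage: \"harmless\"\n"
const traversalPluginYAML = "name: example-plugin\nversion: \"1.0.0/../../../../tmp/evil\"\n"

// versionFromPluginYAML reads the top-level "version:" value with a line scan
// (assumed simplification, so the example needs no YAML library).
func versionFromPluginYAML(data string) (string, bool) {
	for _, line := range strings.Split(data, "\n") {
		if strings.HasPrefix(line, "version:") {
			v := strings.TrimSpace(strings.TrimPrefix(line, "version:"))
			return strings.Trim(v, `"'`), true
		}
	}
	return "", false
}

// checkVersionField rejects a version that could act as more than one path
// component: empty, a dot segment, or containing a path separator.
func checkVersionField(version string) error {
	if version == "" || version == "." || version == ".." || strings.ContainsAny(version, `/\`) {
		return fmt.Errorf("unsafe plugin version %q", version)
	}
	return nil
}

// insidePluginsDir builds the install path and checks it stays under pluginsDir
// even when the version was not vetted; "<name>-<version>" layout is assumed.
func insidePluginsDir(pluginsDir, name, version string) (string, bool) {
	dest := filepath.Join(pluginsDir, name+"-"+version)
	rel, err := filepath.Rel(pluginsDir, dest)
	escaped := err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator))
	return dest, !escaped
}

func main() {
	dir := "/home/user/.local/share/helm/plugins" // constructed plugins dir
	for _, y := range []string{benignPluginYAML, traversalPluginYAML} {
		v, _ := versionFromPluginYAML(y)
		dest, ok := insidePluginsDir(dir, "example-plugin", v)
		fmt.Printf("version=%q check=%v inside=%v dest=%s\n", v, checkVersionField(v), ok, dest)
	}
}
```

The path-containment check is the one to keep even after upgrading: it catches any future way a version string could smuggle in path elements, not only the '/../' pattern named above.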
CVE-2026-35204 is a Path Traversal vulnerability in Helm v4 allowing malicious plugins to write to arbitrary filesystem locations.
You are affected if you are running Helm versions 4.0.0 through 4.1.3. Upgrade to 4.1.4 or later to resolve the vulnerability.
Upgrade Helm to version 4.1.4 or later. If immediate upgrade is not possible, restrict filesystem access for the Helm process.
There is currently no evidence of active exploitation, but the potential exists due to the ease of crafting a malicious plugin.
Refer to the official Helm security advisory on the helm.sh website for detailed information and updates.