Platform: go
Component: helm.sh/helm/v4
Fixed in: 4.0.1, 4.1.4
CVE-2026-35205 is a high-severity vulnerability in Helm, the package manager for Kubernetes, affecting versions 4.0.0 through 4.1.3. Helm installs a plugin even when no provenance (.prov) file accompanies it, so signature verification is skipped rather than enforced and an unsigned, attacker-supplied plugin can be installed. Because plugin install hooks and plugin commands are executed by helm on the host where it runs, a successful attack gives the attacker arbitrary code execution on that host with the Helm user's privileges and kubeconfig credentials, and through them access to the cluster. A patch is available in Helm version 4.1.4.
The core of the vulnerability lies in Helm's plugin installation process. Before 4.1.4, helm plugin install accepts a plugin that has no .prov file, the provenance file whose signed digest is what ties a plugin archive to its publisher's key. The missing file is treated as "nothing to verify" instead of "verification failed", so an attacker can package a malicious plugin, simply omit the provenance file, and persuade a user to install it; Helm then installs it without validating its origin or integrity. This matters because a plugin's install and update hooks, and the plugin command itself, run with the privileges of the user invoking helm, on that user's workstation or CI runner, where the user's kubeconfig is normally available. An attacker who gets a plugin installed can therefore run arbitrary code as that user and, with the user's cluster credentials, deploy malicious workloads, read secrets, or otherwise compromise the cluster to the extent those credentials allow.
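As an added illustration (not Helm's own code), the following Go program models the install decision in the two forms the advisory contrasts: a pre-4.1.4 path that treats a missing .prov file as "nothing to verify" and installs anyway, and a fixed path that treats it as a verification failure. The archive bytes, plugin name and provenance text are constructed here. The .prov layout follows Helm's chart provenance format (a clearsigned YAML body with a files: map of archive name to sha256), but the PGP signature block is a placeholder and is not verified; a real verifier must check that signature against a trusted keyring before trusting the recorded digest. The same program models the post-upgrade check the mitigation section recommends: with the fixed policy, an archive that ships without a .prov file is rejected.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// pluginArchive is a constructed stand-in for a plugin .tgz; the check only
// needs its bytes, not a real tar stream. The name is hypothetical.
var pluginArchive = []byte("constructed plugin archive bytes: plugin.yaml + hooks")

const pluginArchiveName = "example-plugin-0.1.0.tgz"

// digest returns the hex sha256 of an archive, the value a .prov file records.
func digest(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// buildProv constructs a provenance file in the clearsigned layout Helm uses
// for charts: a YAML body, a files: map of archive name to sha256, wrapped in
// a PGP clearsign envelope. The signature block is a placeholder; this example
// does not verify signatures (see fileDigestFromProv).
func buildProv(archiveName, sum string) string {
	return "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n" +
		"name: example-plugin\nversion: 0.1.0\n\n...\nfiles:\n" +
		fmt.Sprintf("  %s: sha256:%s\n", archiveName, sum) +
		"-----BEGIN PGP SIGNATURE-----\n(placeholder, not a real signature)\n-----END PGP SIGNATURE-----\n"
}

// fileDigestFromProv returns the sha256 recorded for archiveName in the
// files: section. A real verifier must first validate the clearsign signature
// against a trusted keyring (e.g. with an OpenPGP library); only then is the
// recorded digest worth anything.
func fileDigestFromProv(prov, archiveName string) (string, error) {
	inFiles := false
	for _, line := range strings.Split(prov, "\n") {
		switch {
		case line == "files:":
			inFiles = true
		case inFiles && strings.HasPrefix(line, "  "):
			name, value, ok := strings.Cut(strings.TrimSpace(line), ":")
			if !ok {
				continue
			}
			value = strings.TrimSpace(value)
			if name == archiveName && strings.HasPrefix(value, "sha256:") {
				return strings.TrimPrefix(value, "sha256:"), nil
			}
		case inFiles:
			inFiles = false // left the indented files: map
		}
	}
	return "", fmt.Errorf("provenance has no sha256 entry for %s", archiveName)
}

// verifyProvenance checks that prov records the archive's actual digest.
func verifyProvenance(archiveName string, archive []byte, prov string) error {
	want, err := fileDigestFromProv(prov, archiveName)
	if err != nil {
		return err
	}
	if got := digest(archive); got != want {
		return fmt.Errorf("digest mismatch for %s: prov says %s, archive is %s", archiveName, want, got)
	}
	return nil
}

// Result records what an install decision did.
type Result struct {
	Installed bool
	Verified  bool
}

// installVulnerable models the pre-4.1.4 behaviour the advisory describes:
// with no .prov file there is nothing to check, so the plugin is installed
// unverified. An attacker only has to omit the file.
func installVulnerable(archiveName string, archive []byte, prov string) (Result, error) {
	if prov == "" {
		return Result{Installed: true, Verified: false}, nil // fails open
	}
	if err := verifyProvenance(archiveName, archive, prov); err != nil {
		return Result{}, err
	}
	return Result{Installed: true, Verified: true}, nil
}

// installFixed models the corrected policy: a missing .prov is a verification
// failure, not an exemption, so an unsigned plugin is never installed.
func installFixed(archiveName string, archive []byte, prov string) (Result, error) {
	if prov == "" {
		return Result{}, errors.New("refusing to install: no .prov provenance file for " + archiveName)
	}
	if err := verifyProvenance(archiveName, archive, prov); err != nil {
		return Result{}, err
	}
	return Result{Installed: true, Verified: true}, nil
}

func main() {
	prov := buildProv(pluginArchiveName, digest(pluginArchive))
	for _, tc := range []struct{ name, prov string }{{"with .prov", prov}, {"without .prov", ""}} {
		r, err := installVulnerable(pluginArchiveName, pluginArchive, tc.prov)
		fmt.Printf("vulnerable %-13s -> %+v err=%v\n", tc.name, r, err)
		r, err = installFixed(pluginArchiveName, pluginArchive, tc.prov)
		fmt.Printf("fixed      %-13s -> %+v err=%v\n", tc.name, r, err)
	}
}
```

The fail-open branch in installVulnerable is the whole bug: the absence of evidence is treated as evidence of integrity. The fix is a policy change, not a parsing change, which is why the mitigation's post-upgrade check (install an archive without a .prov and expect failure) is a sufficient smoke test.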
This vulnerability has been publicly disclosed and is rated high-risk because a malicious plugin yields arbitrary code execution on every host where it is installed, with that user's cluster credentials. As of this writing no active exploitation campaigns have been publicly reported and the EPSS score is low (0.02%, 5th percentile), but a proof-of-concept is reported to be available, which lowers the bar for exploitation. An attack needs only to persuade a user to run helm plugin install against an attacker-controlled source; combined with Helm's widespread use on operator workstations and in CI pipelines, that makes this a vulnerability to patch promptly.
Exploit Status
EPSS: 0.02% (5th percentile)
CISA SSVC
The primary mitigation for CVE-2026-35205 is to upgrade Helm to version 4.1.4 or later, which enforces provenance verification during plugin installation. Upgrade every place helm runs, not only operator workstations: CI runners and build images are the hosts most likely to install plugins unattended. Until you can upgrade, install plugins only from archives and repositories you control, and on shared hosts restrict who can run helm plugin install. Kubernetes NetworkPolicies do not help here, because a malicious plugin runs on the host executing helm, not inside the cluster; what limits the blast radius is least-privilege RBAC for the identity in that host's kubeconfig. Inventory installed plugins with helm plugin list, remove any whose source you cannot account for, and verify provenance for the rest where a .prov file is available. After upgrading, confirm the fix by attempting to install a plugin that ships without a .prov file; the installation should now fail.
Update Helm to version 4.1.4 or higher, which refuses to install plugins that lack provenance. Plugin provenance verification is enforced rather than optional in this version, closing the path for installing unsigned, malicious components.
CVE-2026-35205 is a high-severity vulnerability in Helm v4.0.0-4.1.3 that lets a plugin without a .prov provenance file be installed without signature verification, potentially leading to arbitrary code execution on the host running helm with that user's cluster credentials.
Yes, if you are using Helm version 4.0.0 through 4.1.3, you are affected by this vulnerability. Upgrade to version 4.1.4 or later to mitigate the risk.
The fix is to upgrade Helm to version 4.1.4 or later. This version enforces provenance verification during plugin installation, preventing the bypass.
While no active exploitation campaigns have been publicly reported, the vulnerability is considered high-risk and the availability of a proof-of-concept increases the likelihood of exploitation.
Refer to the official Helm security advisory for detailed information and updates: [https://security.helm.sh/advisories/CVE-2026-35205](https://security.helm.sh/advisories/CVE-2026-35205)