Security Vulnerability Report
CVE-2026-35206 CVSS 4.4 MEDIUM


Published: 2026-04-09 21:16:10
Last Modified: 2026-04-16 20:36:09

Description

Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 and <=4.1.3, a specially crafted Chart will cause helm pull --untar [chart URL | repo/chartname] to write the Chart's contents to the immediate output directory (as defaulted to the current working directory; or as given by the --destination and --untardir flags), rather than the expected output directory suffixed by the chart's name. This vulnerability is fixed in 3.20.2 and 4.1.4.

CVSS Details

CVSS Score
4.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:* (versions before 3.20.2) - VULNERABLE
cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:* (versions from 4.0.0 before 4.1.4) - VULNERABLE
Helm <= 3.20.1 (fixed in 3.20.2)
Helm 4.0.0 to 4.1.3 (fixed in 4.1.4)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2026-35206 PoC Concept
# This PoC demonstrates the potential impact of the path overwrite vulnerability.
# An attacker creates a malicious chart containing a file intended to overwrite a victim's file.
# Note: this script only simulates the scenario. It does not build a chart or invoke helm;
# it writes a placeholder config.yaml into the current working directory and explains
# what a crafted chart would do to it on a vulnerable Helm.
import os

# 1. Simulate the victim's critical file in the current working directory
critical_file = "config.yaml"
with open(critical_file, "w") as f:
    f.write("production_settings: true\n")
print(f"[+] Created victim's critical file: {os.path.abspath(critical_file)}")

# 2. In a real attack scenario, the attacker creates a malicious chart.
#    When the victim runs: helm pull --untar <malicious-chart-url>
#    Instead of creating a folder like 'malicious-chart/', a vulnerable Helm
#    (<=3.20.1, <=4.1.3) extracts the files directly into the output directory.
#    If the malicious chart contains 'config.yaml', it overwrites the victim's file.
print("[!] Vulnerability Triggered:")
print(f"    Running 'helm pull --untar <malicious-chart>' would overwrite {critical_file}")
print("    with the attacker's content due to improper path handling.")
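The description and the PoC above both come down to one thing: a chart archive whose layout makes `helm pull --untar` land files directly in the output directory instead of `<dest>/<chartname>/`. A practitioner who cannot upgrade immediately, or who wants a gate in a pipeline that mirrors third-party charts, can audit the `.tgz` before extracting it. The following is an added example and not Helm's own code; it assumes (as is the convention for packaged charts) that every entry sits under a single top-level directory whose name equals the `name` field in `Chart.yaml`, and it flags archives that break that layout or carry other CWE-22 patterns (absolute paths, `..` components, symlinks escaping the chart directory). The `Chart.yaml` name is read with a minimal regex rather than a YAML parser, and the sample archives are constructed in memory; `build_chart_tgz`, `audit_chart_archive` and `NAME_RE` are names chosen for this example.

```python
import io
import re
import tarfile
import posixpath

# Minimal extraction of the `name:` field from Chart.yaml (no PyYAML dependency).
NAME_RE = re.compile(r"^name:\s*['\"]?([^'\"\s]+)", re.MULTILINE)


def build_chart_tgz(entries: dict) -> bytes:
    """Constructed sample: pack {archive_path: content} into a gzip'd tar in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, content in entries.items():
            info = tarfile.TarInfo(name=path)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def audit_chart_archive(data: bytes) -> list:
    """Inspect a chart .tgz without extracting it.

    Returns a list of findings; an empty list means every entry lives under one
    top-level directory that matches the chart name declared in Chart.yaml.
    """
    findings = []
    top_dirs = set()
    chart_yaml = None
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for m in tar.getmembers():
            name = m.name
            raw_parts = name.split("/")
            # Classic tar-slip patterns: absolute paths or any '..' component.
            if posixpath.isabs(name) or ".." in raw_parts:
                findings.append(f"path escapes destination: {name!r}")
                continue
            parts = posixpath.normpath(name).split("/")
            # A regular file at the archive root is exactly the layout that makes
            # --untar write into the output directory itself.
            if len(parts) < 2 and not m.isdir():
                findings.append(f"file at archive root (no chart directory): {name!r}")
                continue
            top_dirs.add(parts[0])
            if m.issym():
                target = posixpath.normpath(
                    posixpath.join(posixpath.dirname("/".join(parts)), m.linkname))
                if posixpath.isabs(m.linkname) or not target.startswith(parts[0] + "/"):
                    findings.append(f"symlink points outside chart dir: {name!r} -> {m.linkname!r}")
            if len(parts) == 2 and parts[1] == "Chart.yaml" and m.isfile():
                chart_yaml = tar.extractfile(m).read().decode("utf-8", "replace")
    if len(top_dirs) > 1:
        findings.append(f"multiple top-level directories: {sorted(top_dirs)}")
    if chart_yaml is None:
        findings.append("no <chartdir>/Chart.yaml found")
    else:
        match = NAME_RE.search(chart_yaml)
        if match is None:
            findings.append("Chart.yaml has no name field")
        elif match.group(1) not in top_dirs:
            findings.append(
                f"Chart.yaml name {match.group(1)!r} != top-level dir {sorted(top_dirs)}")
    return findings


# Constructed sample archives (not real charts).
GOOD_CHART = build_chart_tgz({
    "mychart/Chart.yaml": b"apiVersion: v2\nname: mychart\nversion: 0.1.0\n",
    "mychart/values.yaml": b"replicaCount: 1\n",
    "mychart/templates/deployment.yaml": b"kind: Deployment\n",
})
# Files at the archive root: on a vulnerable Helm these land in the output dir.
ROOT_LEVEL_CHART = build_chart_tgz({
    "Chart.yaml": b"apiVersion: v2\nname: mychart\nversion: 0.1.0\n",
    "config.yaml": b"production_settings: false\n",
})
# Top-level directory does not match the declared chart name.
MISMATCHED_CHART = build_chart_tgz({
    "other/Chart.yaml": b"apiVersion: v2\nname: mychart\nversion: 0.1.0\n",
    "other/values.yaml": b"replicaCount: 1\n",
})
# A '..' component that would escape the destination on naive extraction.
TRAVERSAL_CHART = build_chart_tgz({
    "mychart/Chart.yaml": b"apiVersion: v2\nname: mychart\nversion: 0.1.0\n",
    "mychart/../config.yaml": b"production_settings: false\n",
})

if __name__ == "__main__":
    for label, blob in [("good", GOOD_CHART), ("root-level", ROOT_LEVEL_CHART),
                        ("mismatched", MISMATCHED_CHART), ("traversal", TRAVERSAL_CHART)]:
        print(f"{label}: {audit_chart_archive(blob) or 'OK'}")
```

Run it against a chart fetched without `--untar` (`helm pull repo/chart` leaves the `.tgz` in place) and only untar when the finding list is empty; the check is a layout gate, not a replacement for upgrading to 3.20.2 or 4.1.4.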

References

https://github.com/helm/helm/security/advisories/GHSA-hr2v-4r36-88hr (Vendor Advisory, Mitigation)
https://github.com/helm/helm/commit/4e7994d4467182f535b6797c94b5b0e994a91436 (Patch)
https://github.com/helm/helm/releases/tag/v4.1.4 (Release Notes)
Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-35206", "sourceIdentifier": "[email protected]", "published": "2026-04-09T21:16:09.993", "lastModified": "2026-04-16T20:36:08.770", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 and <=4.1.3, a specially crafted Chart will cause helm pull --untar [chart URL | repo/chartname] to write the Chart's contents to the immediate output directory (as defaulted to the current working directory; or as given by the --destination and --untardir flags), rather than the expected output directory suffixed by the chart's name. This vulnerability is fixed in 3.20.2 and 4.1.4."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", 
"modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "baseScore": 4.4, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.8, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-22"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.20.2", "matchCriteriaId": "07487FEE-D6F0-42D6-953A-C1C68CFEB0EE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0.0", "versionEndExcluding": "4.1.4", "matchCriteriaId": "800B9949-E36B-45F3-9EA0-CA9DDA3D8868"}]}]}], "references": [{"url": "https://github.com/helm/helm/commit/4e7994d4467182f535b6797c94b5b0e994a91436", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/helm/helm/releases/tag/v4.1.4", "source": "[email protected]", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/helm/helm/security/advisories/GHSA-hr2v-4r36-88hr", "source": "[email protected]", "tags": ["Mitigation", "Vendor Advisory"]}]}}