CVE-2026-35205
EUVD-2026-2090109.04.2026, 16:16
Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins missing provenance (.prov file) when signature verification is required. This vulnerability is fixed in 4.1.4.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| helm | helm | 4.0.0 ≤ 𝑥 < 4.1.4 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-636 - Not Failing Securely ('Failing Open')When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions.
- CWE-347 - Improper Verification of Cryptographic SignatureThe software does not verify, or incorrectly verifies, the cryptographic signature for data.
References