GHSA-Q5JF-9VFQ-H4H7
Vulnerability from github – Published: 2026-04-10 15:33 – Updated: 2026-04-10 15:33
Summary
Helm's plugin verification fails open when .prov is missing, allowing unsigned plugin install
Details
Helm is a package manager for Charts for Kubernetes. In Helm versions >=4.0.0 and <=4.1.3, Helm will install plugins missing provenance (.prov file) when signature verification is required.
Impact
The bug allows plugin authors to omit provenance (signing) data from plugins, bypassing plugin signature verification upon plugin install/update.
Notably, plugin hooks will be executed as designed on the installed plugin, enabling a malicious plugin to execute arbitrary code.
Patches
This issue has been patched in Helm v4.1.4.
Installing/updating a plugin with missing provenance will error if signature verification is required.
Workarounds
Users may manually validate that a plugin archive is not missing provenance data (.prov file) before installation.
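As an added example, not Helm's own code: a fail-closed pre-install gate in Go that refuses a plugin archive whose `<archive>.prov` sidecar is absent when verification is required (the behaviour the pre-4.1.4 check lacked), and additionally confirms that the sha256 the .prov records for the archive matches the archive's actual digest. It assumes the provenance file lists files as `<name>: sha256:<hex>`, the layout described in the Helm provenance documentation, and does not perform PGP signature verification.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"os"
	"path/filepath"
	"strings"
)

var (
	ErrMissingProvenance = errors.New("no .prov file next to plugin archive: refusing to install")
	ErrDigestMismatch    = errors.New("archive sha256 does not match the digest recorded in .prov")
)

// CheckProvenance fails closed: when verification is required, a missing <archive>.prov
// is an error rather than a silent skip, and the sha256 recorded in the .prov must
// match the archive on disk. PGP signature checking of the .prov is out of scope here.
func CheckProvenance(archive string, verifyRequired bool) error {
	if !verifyRequired {
		return nil
	}
	prov, err := os.ReadFile(archive + ".prov")
	if err != nil {
		return ErrMissingProvenance
	}
	data, err := os.ReadFile(archive)
	if err != nil {
		return err
	}
	sum := sha256.Sum256(data)
	want := "sha256:" + hex.EncodeToString(sum[:])
	// Assumed .prov layout (Helm provenance docs): a "files:" map of "<name>: sha256:<hex>".
	for _, line := range strings.Split(string(prov), "\n") {
		name, digest, ok := strings.Cut(strings.TrimSpace(line), ": ")
		if ok && name == filepath.Base(archive) {
			if digest == want {
				return nil
			}
			return ErrDigestMismatch
		}
	}
	return ErrDigestMismatch // .prov present but records no digest for this archive
}
```

Run it against a downloaded plugin tarball before `helm plugin install`; any non-nil error means the archive should not be installed.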
Severity
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.1.3"
},
"package": {
"ecosystem": "Go",
"name": "helm.sh/helm/v4"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.1.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-35205"
],
"database_specific": {
"cwe_ids": [
"CWE-636"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-10T15:33:03Z",
"nvd_published_at": "2026-04-09T16:16:27Z",
"severity": "HIGH"
},
"details": "Helm is a package manager for Charts for Kubernetes. In Helm versions \u003e=4.0.0 and \u003c=4.1.3, Helm will install plugins missing provenance (`.prov` file) when signature verification is required.\n\n### Impact\n\nThe bug allows plugin authors to omit provenance (signing) data from plugins, bypassing plugin signature verification upon plugin install/update.\n\nNotably, plugin hooks will be executed as designed on the installed plugin, enabling a malicious plugin to execute arbitrary code.\n\n### Patches\n\nThis issue has been patched in Helm v4.1.4\n\nInstalling/updating a plugin with missing provenance will error if signature verification is required.\n\n### Workarounds\n\nUsers may manually validate that a plugin archive is not missing provenance data (`.prov` file) before installation.",
"id": "GHSA-q5jf-9vfq-h4h7",
"modified": "2026-04-10T15:33:03Z",
"published": "2026-04-10T15:33:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/helm/helm/security/advisories/GHSA-q5jf-9vfq-h4h7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35205"
},
{
"type": "WEB",
"url": "https://github.com/helm/helm/commit/05fa37973dc9e42b76e1d2883494c87174b6074f"
},
{
"type": "PACKAGE",
"url": "https://github.com/helm/helm"
},
{
"type": "WEB",
"url": "https://github.com/helm/helm/releases/tag/v4.1.4"
},
{
"type": "WEB",
"url": "https://helm.sh/docs/topics/provenance/#the-provenance-file"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Helm\u0027s plugin verification fails open when .prov is missing, allowing unsigned plugin install"
}