CVE-2026-35205
Modified Modified - Updated After Analysis

Improper Signature Verification in Helm Plugins Allows Tampering

Publication date: 2026-04-09

Last updated on: 2026-06-30

Assigner: GitHub, Inc.

Description
Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins missing provenance (.prov file) when signature verification is required. This vulnerability is fixed in 4.1.4.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-09
Last Modified
2026-06-30
Generated
2026-06-30
AI Q&A
2026-04-09
EPSS Evaluated
2026-06-29
NVD
CVE-2026-35205
EUVD
EUVD-2026-20901

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
helm helm From 4.0.0 (inc) to 4.1.4 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-636 When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions.
CWE-347 The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

CVE-2026-35205 allows the installation of unsigned or unverified Helm plugins due to missing provenance (.prov) files when signature verification is required. This flaw can lead to arbitrary code execution, compromising the confidentiality, integrity, and availability of systems using Helm.

Such a compromise can impact compliance with standards and regulations like GDPR and HIPAA, which mandate strict controls over data integrity, confidentiality, and system security. The ability to install malicious plugins without verification increases the risk of unauthorized access or data breaches, potentially violating these regulatory requirements.

By enforcing strict provenance verification in Helm 4.1.4 and later, the vulnerability is mitigated, helping organizations maintain compliance by ensuring only trusted and verified plugins are installed.

Executive Summary

CVE-2026-35205 is a vulnerability in Helm, a Kubernetes package manager, affecting versions 4.0.0 through 4.1.3. The issue occurs because Helm installs plugins even when their provenance files (.prov) are missing, despite signature verification being required. Provenance files are cryptographic signature files that verify the authenticity and integrity of Helm charts and plugins.

Due to this flaw, Helm's plugin verification process fails open, allowing unsigned or unverified plugins to be installed if the .prov file is missing. This bypasses the intended security checks that ensure plugins are signed and trusted.

The vulnerability was fixed in Helm version 4.1.4 by changing the verification logic to treat missing provenance files as verification failures, causing installation to fail if signature verification is required and the .prov file is absent.

Impact Analysis

This vulnerability can have severe impacts because it allows the installation of unsigned or unverified Helm plugins when their provenance files are missing, even if signature verification is enabled.

Malicious actors can exploit this flaw by distributing plugins without provenance files, which Helm will install and execute. This can lead to arbitrary code execution on the system where Helm is running.

The vulnerability compromises confidentiality, integrity, and availability of the affected system and any subsequent systems that rely on it, potentially allowing attackers to execute malicious hooks or code.

The attack requires local access with low complexity and no privileges but does require active user interaction.

Detection Guidance

This vulnerability relates to Helm plugins missing provenance (.prov) files during installation when signature verification is required. To detect this issue, you can verify Helm charts and plugins for the presence and validity of provenance files.

  • Use the command `helm verify <chart-package>.tgz` to verify the integrity and authenticity of Helm charts by checking their provenance files.
  • During plugin installation, ensure that the `.prov` file is present alongside the plugin archive. Helm will fail installation if verification is enabled and the `.prov` file is missing (in versions 4.1.4 and later).
  • Check plugin archives manually to confirm they include the `.prov` file before installation as a workaround.

Note that the vulnerability was fixed in Helm 4.1.4, where missing provenance files cause installation failure if verification is enabled.

Mitigation Strategies

To mitigate this vulnerability, the primary step is to upgrade Helm to version 4.1.4 or later, where the issue is fixed.

  • Ensure that plugin installations are performed with signature verification enabled (`--verify` flag).
  • Do not bypass verification by using `--verify=false`, as this allows unsigned plugins to be installed.
  • Manually verify that plugin archives include valid `.prov` provenance files before installation if upgrading immediately is not possible.

These steps enforce strict signature verification, preventing installation of unsigned or tampered plugins and reducing the risk of arbitrary code execution.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-35205. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart