CVE-2026-35205
Improper Signature Verification in Helm Plugins Allows Tampering
Publication date: 2026-04-09
Last updated on: 2026-04-17
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| helm | helm | From 4.0.0 (inc) to 4.1.4 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-636 | Not Failing Securely ("Failing Open"): when the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions. Here the "error" is a missing provenance file, and the fallback is to install the plugin unverified. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
CVE-2026-35205 lets Helm 4.0.0 through 4.1.3 install a plugin whose provenance (.prov) file is missing even when signature verification was requested. Because a Helm plugin is executable code that Helm runs on the operator's machine, an unverified plugin can lead to arbitrary code execution, compromising the confidentiality, integrity, and availability of the systems that use Helm and of the clusters it manages.
Such a compromise can impact compliance with standards and regulations like GDPR and HIPAA, which mandate strict controls over data integrity, confidentiality, and system security. The ability to install malicious plugins without verification increases the risk of unauthorized access or data breaches, potentially violating these regulatory requirements.
By enforcing strict provenance verification in Helm 4.1.4 and later, the vulnerability is mitigated, helping organizations maintain compliance by ensuring only trusted and verified plugins are installed.
Can you explain this vulnerability to me?
CVE-2026-35205 is a vulnerability in Helm, the Kubernetes package manager, affecting versions 4.0.0 through 4.1.3. Helm installs a plugin even when its provenance file (.prov) is missing, despite signature verification being required. A provenance file carries a signature over the package's digest; it is what lets Helm confirm that a chart or plugin comes from the expected signer and has not been altered since it was signed.
Due to this flaw, Helm's plugin verification process fails open, allowing unsigned or unverified plugins to be installed if the .prov file is missing. This bypasses the intended security checks that ensure plugins are signed and trusted.
The vulnerability was fixed in Helm version 4.1.4 by changing the verification logic to treat missing provenance files as verification failures, causing installation to fail if signature verification is required and the .prov file is absent.
How can this vulnerability impact me?
This vulnerability can have severe impact because it allows unsigned or unverified Helm plugins to be installed when their provenance files are missing, even if signature verification is enabled.
An attacker who can deliver a plugin archive to you (for example through a tampered download or mirror) simply omits the .prov file; an affected Helm accepts the archive without checking anything, and the plugin's code then runs whenever the plugin is invoked. This is arbitrary code execution on the machine where Helm runs, with that user's permissions and Kubernetes credentials.
The compromise therefore extends beyond the host to any cluster the affected user manages, since a malicious plugin can act with the same kubeconfig as the legitimate Helm commands.
Exploitation is low-complexity and needs no prior privileges, but it does depend on user interaction: someone has to run `helm plugin install` against the attacker-supplied archive.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability concerns Helm plugins installed while a provenance (.prov) file was missing and signature verification was required. Detection is about two things: whether the Helm binary in use is in the affected range, and whether the plugins already installed were actually verified.
- Run `helm version --short` on every host and CI runner that installs plugins. Any version from v4.0.0 up to but not including v4.1.4 is affected; Helm 3 does not support plugin signing and is not in the affected range.
- Run `helm plugin list` to enumerate installed plugins. Any plugin that was installed on an affected version cannot be assumed to have been verified, even if `--verify` was passed at the time, because a missing .prov would have been silently accepted.
- Before installing a plugin, confirm that the `.prov` file is present next to the plugin archive and that it lists the archive's digest (compare against `sha256sum <archive>`). In versions 4.1.4 and later, Helm itself fails the installation when verification is enabled and the `.prov` file is absent.
- Note that `helm verify <chart-package>.tgz` checks chart provenance, not plugin provenance; it does not tell you whether a plugin was installed unverified.
The vulnerability was fixed in Helm 4.1.4, where a missing provenance file causes installation to fail whenever verification is enabled.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, the primary step is to upgrade Helm to version 4.1.4 or later, where a missing .prov file is treated as a verification failure.
- Ensure that plugin installations are performed with signature verification enabled (`--verify` flag), and make that the default in CI scripts rather than relying on operators to remember it.
- Do not bypass verification with `--verify=false`; that knowingly allows unsigned plugins to be installed, which is the same outcome the bug produces by accident.
- If you cannot upgrade immediately, check before each installation that the plugin archive is accompanied by a `.prov` file whose digest matches the archive, and treat a missing file as a reason not to install.
- Reinstall (after verification on a fixed version) any plugins that were installed while running an affected release, since their provenance may never have been checked.
These steps enforce strict signature verification, preventing installation of unsigned or tampered plugins and reducing the risk of arbitrary code execution.