{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35204", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-01T18:48:58.937Z", "datePublished": "2026-04-09T15:03:28.668Z", "dateUpdated": "2026-04-09T17:46:15.811Z"}, "containers": {"cna": {"title": "Helm has a path traversal in plugin metadata version enables arbitrary file write outside Helm plugin directory", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:H/SI:H/SA:H", "version": "4.0"}}], "references": [{"name": "https://github.com/helm/helm/security/advisories/GHSA-vmx8-mqv2-9gmg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/helm/helm/security/advisories/GHSA-vmx8-mqv2-9gmg"}, {"name": "https://github.com/helm/helm/commit/36c8539e99bc42d7aef9b87d136254662d04f027", "tags": ["x_refsource_MISC"], "url": "https://github.com/helm/helm/commit/36c8539e99bc42d7aef9b87d136254662d04f027"}, {"name": "https://github.com/helm/helm/releases/tag/v4.1.4", "tags": ["x_refsource_MISC"], "url": "https://github.com/helm/helm/releases/tag/v4.1.4"}], "affected": [{"vendor": "helm", "product": "helm", "versions": [{"version": ">= 4.0.0, < 4.1.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-09T15:03:28.668Z"}, "descriptions": [{"lang": "en", "value": "Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a specially crafted Helm plugin, when installed or updated, will cause Helm to write the contents of the plugin to an arbitrary filesystem location. To prevent this, validate that the plugin.yaml of the Helm plugin does not include a version: field containing POSIX dot-dot path separators ie. \"/../\". This vulnerability is fixed in 4.1.4."}], "source": {"advisory": "GHSA-vmx8-mqv2-9gmg", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-09T17:46:08.508995Z", "id": "CVE-2026-35204", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T17:46:15.811Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35204", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-01T18:48:58.937Z", "datePublished": "2026-04-09T15:03:28.668Z", "dateUpdated": "2026-04-09T17:46:15.811Z"}, "containers": {"cna": {"title": "Helm has a path traversal in plugin metadata version enables arbitrary file write outside Helm plugin directory", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:H/SI:H/SA:H", "version": "4.0"}}], "references": [{"name": "https://github.com/helm/helm/security/advisories/GHSA-vmx8-mqv2-9gmg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/helm/helm/security/advisories/GHSA-vmx8-mqv2-9gmg"}, {"name": "https://github.com/helm/helm/commit/36c8539e99bc42d7aef9b87d136254662d04f027", "tags": ["x_refsource_MISC"], "url": "https://github.com/helm/helm/commit/36c8539e99bc42d7aef9b87d136254662d04f027"}, {"name": "https://github.com/helm/helm/releases/tag/v4.1.4", "tags": ["x_refsource_MISC"], "url": "https://github.com/helm/helm/releases/tag/v4.1.4"}], "affected": [{"vendor": "helm", "product": "helm", "versions": [{"version": ">= 4.0.0, < 4.1.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-09T15:03:28.668Z"}, "descriptions": [{"lang": "en", "value": "Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a specially crafted Helm plugin, when installed or updated, will cause Helm to write the contents of the plugin to an arbitrary filesystem location. To prevent this, validate that the plugin.yaml of the Helm plugin does not include a version: field containing POSIX dot-dot path separators ie. \"/../\". This vulnerability is fixed in 4.1.4."}], "source": {"advisory": "GHSA-vmx8-mqv2-9gmg", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-35204", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-09T17:46:08.508995Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T17:46:12.319Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", "matchCriteriaId": "800B9949-E36B-45F3-9EA0-CA9DDA3D8868", "versionEndExcluding": "4.1.4", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a specially crafted Helm plugin, when installed or updated, will cause Helm to write the contents of the plugin to an arbitrary filesystem location. To prevent this, validate that the plugin.yaml of the Helm plugin does not include a version: field containing POSIX dot-dot path separators ie. \"/../\". This vulnerability is fixed in 4.1.4."}], "id": "CVE-2026-35204", "lastModified": "2026-04-17T14:07:05.063", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-09T16:16:27.550", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/helm/helm/commit/36c8539e99bc42d7aef9b87d136254662d04f027"}, {"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/helm/helm/releases/tag/v4.1.4"}, {"source": "security-advisories@github.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://github.com/helm/helm/security/advisories/GHSA-vmx8-mqv2-9gmg"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[4.0.0,4.1.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "helm", "source": "cna", "vendor": "helm"}, "product": "helm", "vendor": "helm"}], "analysis": {"en": {"generated_at": "2026-04-09T16:21:39.190987+00:00", "value": {"mitigation_remediation": ["Upgrade Helm to version 4.1.4 or later.", "Avoid installing plugins from untrusted or unknown sources.", "Before installing a plugin, verify that its plugin.yaml \u2018version\u2019 field does not contain a \u2018/../\u2019 path separator."], "summary": {"action": "Patch Immediately", "impact": "Arbitrary File Write"}, "threat_synthesis": {"affected_systems": "The vulnerability applies to Helm, the Kubernetes package manager, from version 4.0.0 up through 4.1.3. Users who installed or updated plugins during this period were exposed. The flaw was addressed in Helm release 4.1.4.", "description_and_impact": "Helm contains a path traversal flaw in plugin metadata that allows an attacker to write arbitrary files outside the intended Helm plugin directory. This is a CWE\u201122 weakness that can be leveraged to overwrite configuration files or executable binaries, potentially leading to privilege escalation or execution of malicious code. The effect is that the attacker can place or modify any file on the host file system where Helm runs, compromising system integrity.", "risk_and_exploitability": "The CVSS score of 8.4 indicates high severity. Although EPSS data is not available and the vulnerability is not listed in the KEV catalog, exploitation is straightforward for anyone who can supply a malicious plugin during installation or update. The likely attack vector is remote, via a Helm client that trusts the plugin source or via a compromised plugin repository, allowing an attacker to deploy the faulting plugin and trigger the arbitrary file write."}}}}, "created": "2026-04-10T08:53:16.911726+00:00", "updated": "2026-04-10T09:32:29.517812+00:00", "vendors": ["helm", "helm$PRODUCT$helm"]}