Zurück zur CVE-Übersicht
CVE-2026-35205
HIGH(7.8)CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Risk Signal Score20/100 — NIEDRIG
- CVSS 7.8 — Hoch
EPSS-Score
0%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
7.8
Technische Schwere
Beschreibung
Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins missing provenance (.prov file) when signature verification is required. This vulnerability is fixed in 4.1.4.
Referenzen
- https://github.com/helm/helm/commit/05fa37973dc9e42b76e1d2883494c87174b6074f
- https://github.com/helm/helm/releases/tag/v4.1.4
- https://github.com/helm/helm/security/advisories/GHSA-q5jf-9vfq-h4h7
- https://helm.sh/docs/topics/provenance/#the-provenance-file
- https://access.redhat.com/errata/RHSA-2026:26441
- https://access.redhat.com/security/cve/CVE-2026-35205
- https://bugzilla.redhat.com/show_bug.cgi?id=2456927
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35205.json