ГлавнаяУязвимости → CVE-2026-35205
7.8высокая

CVE-2026-35205

Описание

Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins missing provenance (.prov file) when signature verification is required. This vulnerability is fixed in 4.1.4.

Затрагиваемое ПО
Helm Helm
CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Источники
https://github.com/helm/helm/commit/05fa37973dc9e42b76e1d2883494c87174b6074fhttps://github.com/helm/helm/releases/tag/v4.1.4https://github.com/helm/helm/security/advisories/GHSA-q5jf-9vfq-h4h7https://helm.sh/docs/topics/provenance/#the-provenance-filehttps://access.redhat.com/errata/RHSA-2026:26441https://access.redhat.com/security/cve/CVE-2026-35205https://bugzilla.redhat.com/show_bug.cgi?id=2456927https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35205.json