NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-35205

Summary	Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins missing provenance (.prov file) when signature verification is required. This vulnerability is fixed in 4.1.4.
Publication Date	April 10, 2026, 1:16 a.m.
Registration Date	April 15, 2026, 11:34 a.m.
Last Update	April 14, 2026, 12:02 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/helm/helm/commit/05fa37973dc9e42b76e1d2883494c87174b6074f	security-advisories@github.com
2	https://github.com/helm/helm/releases/tag/v4.1.4	security-advisories@github.com
3	https://github.com/helm/helm/security/advisories/GHSA-q5jf-9vfq-h4h7	security-advisories@github.com
4	https://helm.sh/docs/topics/provenance/#the-provenance-file	security-advisories@github.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-636	安全でない失敗処理	https://cwe.mitre.org/data/definitions/636.html