Severity: HIGH (7.8) · Ecosystem: Go

Helm's plugin verification fails open when .prov is missing, allowing unsigned plugin install

GHSA-q5jf-9vfq-h4h7 · BIT-helm-2026-35205 · CVE-2026-35205


Description

Helm is a package manager for Kubernetes charts. In Helm versions >=4.0.0 and <=4.1.3, Helm will install plugins that are missing provenance data (the .prov file) even when signature verification is required.

Impact

The bug allows plugin authors to omit provenance (signing) data from plugins, bypassing plugin signature verification upon plugin install/update.

Notably, plugin hooks will be executed as designed on the installed plugin, enabling a malicious plugin to execute arbitrary code.

Patches

This issue has been patched in Helm v4.1.4.

Installing/updating a plugin with missing provenance will error if signature verification is required.

Workarounds

Users may manually validate that a plugin archive is not missing provenance data (.prov file) before installation.
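The fail-open behaviour described under Impact, and the manual pre-install check suggested above, as an added example in Go that is not Helm's own code. It assumes a plugin archive at `<path>` with its provenance beside it at `<path>.prov`, and a .prov layout modelled on Helm chart provenance files (a PGP clearsigned document whose `files:` block records `name.tgz: sha256:<hex>`); the archive bytes, file names and provenance document in `main` are constructed for the demonstration. `VerifyProvenance` refuses to proceed when verification is required and no provenance is present, and otherwise confirms the recorded digest matches the archive. It does not verify the PGP signature itself, so it catches the missing and mismatched cases only; a real install path must still check the signature against a trusted keyring.

```go
package main

import (
	"bufio"
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrMissingProvenance is the fail-closed result: verification was required
// but no .prov data accompanied the plugin archive.
var ErrMissingProvenance = errors.New("plugin provenance (.prov) missing; refusing to install")

// digestFromProvenance returns the sha256 hex recorded for archiveName in the
// clearsigned body (assumed layout: "  name.tgz: sha256:<hex>" lines between the
// SIGNED MESSAGE header and the SIGNATURE block).
func digestFromProvenance(prov []byte, archiveName string) (string, error) {
	inBody := false
	sc := bufio.NewScanner(bytes.NewReader(prov))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "-----BEGIN PGP SIGNED MESSAGE-----" {
			inBody = true
			continue
		}
		if line == "-----BEGIN PGP SIGNATURE-----" {
			inBody = false
		}
		if !inBody {
			continue
		}
		name, rest, ok := strings.Cut(line, ":")
		if !ok || strings.TrimSpace(name) != archiveName {
			continue
		}
		digest := strings.TrimSpace(rest)
		if !strings.HasPrefix(digest, "sha256:") {
			return "", fmt.Errorf("unsupported digest for %s: %q", archiveName, digest)
		}
		return strings.ToLower(strings.TrimPrefix(digest, "sha256:")), nil
	}
	return "", fmt.Errorf("no sha256 entry for %s in provenance", archiveName)
}

// VerifyProvenance fails closed: with required=true and empty prov it returns
// ErrMissingProvenance instead of silently installing. With provenance present
// it checks the recorded digest against the archive bytes.
func VerifyProvenance(archiveName string, archive, prov []byte, required bool) error {
	if len(prov) == 0 {
		if required {
			return ErrMissingProvenance
		}
		return nil // verification not requested; caller accepted an unsigned plugin
	}
	want, err := digestFromProvenance(prov, archiveName)
	if err != nil {
		return err
	}
	sum := sha256.Sum256(archive)
	if got := hex.EncodeToString(sum[:]); got != want {
		return fmt.Errorf("digest mismatch for %s: provenance %s, archive %s", archiveName, want, got)
	}
	return nil
}

// CheckPluginArchive applies VerifyProvenance to an on-disk archive and its
// sibling "<path>.prov"; a missing .prov file counts as absent provenance.
func CheckPluginArchive(path string, required bool) error {
	archive, err := os.ReadFile(path)
	if err != nil {
		return err
	}
	prov, err := os.ReadFile(path + ".prov")
	if errors.Is(err, os.ErrNotExist) {
		prov = nil
	} else if err != nil {
		return err
	}
	return VerifyProvenance(filepath.Base(path), archive, prov, required)
}

// constructedProvenance builds a .prov-shaped document for the archive. The
// signature block is a placeholder, not a real PGP signature (test scaffolding).
func constructedProvenance(archiveName string, archive []byte) []byte {
	sum := sha256.Sum256(archive)
	return []byte("-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n" +
		"name: example-plugin\nversion: 0.1.0\n...\nfiles:\n  " +
		archiveName + ": sha256:" + hex.EncodeToString(sum[:]) + "\n" +
		"-----BEGIN PGP SIGNATURE-----\n<placeholder>\n-----END PGP SIGNATURE-----\n")
}

func main() {
	archive := []byte("constructed plugin tarball bytes") // constructed sample
	name := "example-plugin-0.1.0.tgz"
	fmt.Println("missing .prov, verify required:", VerifyProvenance(name, archive, nil, true))
	fmt.Println("matching .prov:", VerifyProvenance(name, archive, constructedProvenance(name, archive), true))
	fmt.Println("tampered archive:", VerifyProvenance(name, append(archive, '!'), constructedProvenance(name, archive), true))
}
```

Run it as `go run main.go`; the first call prints the fail-closed error, the second prints `<nil>`, and the third reports a digest mismatch.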
