RHSA-2026:26441HighCVSS 8.2
Red Hat Security Advisory: Helm CLI v4.1.4 release
🔗 CVE IDs covered (3)
📋 Description
CVE-2026-35204 — github.com/helm/helm: helm.sh/helm/v4: Helm: Arbitrary file write via specially crafted plugin CVE-2026-35205 — github.com/helm/helm: helm.sh/helm/v4: Helm: Arbitrary code execution due to insufficient plugin provenance verification CVE-2026-35206 — github.com/helm/helm: Helm: Files written to unexpected directory via specially crafted Chart
🔗 References (9)
- selfhttps://access.redhat.com/errata/RHSA-2026:26441
- externalhttps://access.redhat.com/security/cve/CVE-2026-35204
- externalhttps://access.redhat.com/security/cve/CVE-2026-35205
- externalhttps://access.redhat.com/security/cve/CVE-2026-35206
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://github.com/helm/helm/releases/tag/v4.1.4
- externalhttps://helm.sh/docs/
- externalhttps://mirror.openshift.com/pub/cgw/helm/4.1.4/
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_26441.json