Bug 2456933 (CVE-2026-35204)
| Summary: | CVE-2026-35204 github.com/helm/helm: helm.sh/helm/v4: Helm: Arbitrary file write via specially crafted plugin | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in Helm, a package manager for Kubernetes. An attacker could exploit this vulnerability by providing a specially crafted Helm plugin. When such a plugin is installed or updated, Helm incorrectly processes its configuration, allowing the plugin's contents to be written to an arbitrary location on the filesystem. This could lead to unauthorized modification of system files or other critical data.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2457444, 2457445 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-04-09 16:02:00 UTC
|