Package impact
Go / helm.sh/helm/v4
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-35206 | unknown | — | — | 2mo ago | Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment | |
| CVE-2026-35205 | unknown | — | — | 2mo ago | Helm's plugin verification fails open when .prov is missing, allowing unsigned plugin install | |
| CVE-2026-35204 | unknown | — | — | 2mo ago | Helm has a path traversal in plugin metadata version enables arbitrary file write outside Helm plugin directory |