{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/helm/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"id":"CVE-2026-35205"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Helm"],"_cs_severities":["high"],"_cs_tags":["helm","kubernetes","plugin","signature-bypass","cve-2026-35205"],"_cs_type":"advisory","_cs_vendors":["Helm"],"content_html":"\u003cp\u003eHelm is a package manager for Kubernetes. A vulnerability exists in Helm versions 4.0.0 through 4.1.3 where the platform fails to verify plugin signatures if the \u003ccode\u003e.prov\u003c/code\u003e file is missing during plugin installation or update. This bypass allows malicious plugin authors to omit provenance data, circumventing the intended signature verification process. Successful exploitation enables the installation of unsigned plugins, which can then execute arbitrary code via plugin hooks. This is a significant concern for Kubernetes environments relying on Helm for package management and plugin security. The issue was patched in Helm v4.1.4.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious Helm plugin, omitting the \u003ccode\u003e.prov\u003c/code\u003e file to bypass signature verification.\u003c/li\u003e\n\u003cli\u003eThe attacker distributes the malicious plugin through a compromised repository or social engineering.\u003c/li\u003e\n\u003cli\u003eA user attempts to install or update the plugin using \u003ccode\u003ehelm plugin install\u003c/code\u003e or \u003ccode\u003ehelm plugin update\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eDue to the missing \u003ccode\u003e.prov\u003c/code\u003e file, Helm versions 4.0.0-4.1.3 skip signature verification.\u003c/li\u003e\n\u003cli\u003eThe malicious plugin is installed successfully, despite lacking a valid signature.\u003c/li\u003e\n\u003cli\u003eThe user interacts with the installed plugin or a Helm hook triggers execution of the plugin's code.\u003c/li\u003e\n\u003cli\u003eThe malicious plugin executes arbitrary code on the Kubernetes cluster or the user's machine.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access or control over the system, potentially leading to data exfiltration, resource compromise, or denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability can lead to arbitrary code execution within a Kubernetes environment. The impact could range from data exfiltration and resource hijacking to complete compromise of the cluster. Given the widespread adoption of Helm in managing Kubernetes applications, a significant number of organizations are potentially vulnerable. The vulnerability affects versions 4.0.0 through 4.1.3, requiring users to upgrade to version 4.1.4 or later to mitigate the risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Helm to version 4.1.4 or later to patch CVE-2026-35205.\u003c/li\u003e\n\u003cli\u003eImplement manual validation that a plugin archive contains provenance data (\u003ccode\u003e.prov\u003c/code\u003e file) before installation as a short-term workaround.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026quot;Detect Helm Plugin Installation Without Provenance\u0026quot; to identify attempts to install plugins without \u003ccode\u003e.prov\u003c/code\u003e files.\u003c/li\u003e\n\u003cli\u003eMonitor Helm plugin installation events for unexpected processes or network connections originating from plugin directories using the \u0026quot;Suspicious Process Execution from Helm Plugin Directory\u0026quot; Sigma rule.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-02T12:00:00Z","date_published":"2024-01-02T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-helm-plugin-bypass/","summary":"Helm versions 4.0.0 through 4.1.3 fail to enforce plugin signature verification when the .prov file is missing, allowing installation of unsigned plugins and potentially leading to arbitrary code execution.","title":"Helm Plugin Verification Bypass Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-helm-plugin-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed - Helm","version":"https://jsonfeed.org/version/1.1"}