JustAppSec

Helm patches plugin path traversal enabling arbitrary file writes

Published 09 Apr 2026 | Updated 09 Apr 2026 | Source: CVEProject (cvelistV5)

TL;DR — A crafted Helm plugin can exploit a path traversal in plugin metadata to write files outside the Helm plugin directory during plugin install/update.

What happened

Helm is Kubernetes’ de-facto package manager for deploying and managing application “Charts,” and it also supports extensibility via helm plugin.

CVE-2026-35204 describes a path traversal issue where a specially crafted Helm plugin can cause Helm to write the contents of the plugin to an arbitrary filesystem location when the plugin is installed or updated.

Item                     Source value
Affected software        helm
Impact (per CVE record)  Crafted plugin can cause arbitrary filesystem writes during plugin install/update
Severity                 CVSS v4.0 8.4 (High)
Affected versions        >= 4.0.0, < 4.1.4 (described as "From 4.0.0 to 4.1.3")
Fix availability         Fixed in 4.1.4

This is operationally significant because Helm is frequently present on developer workstations and CI/CD runners; “arbitrary file write during install” is a common stepping-stone primitive for broader compromise depending on what paths can be targeted and how the environment is configured.

Who is impacted

  • Teams using Helm >= 4.0.0, < 4.1.4.
  • Higher-risk environments where Helm plugins are installed/updated from sources that are not tightly controlled (for example, automation that installs plugins as part of build/deploy setup).
  • CI runners and shared build hosts where filesystem writes can affect other jobs, build outputs, credentials, or subsequent pipeline steps.

What to do now

  • Follow vendor remediation guidance and apply the latest patched release available at the time of writing.

    "This vulnerability is fixed in 4.1.4."

  • Treat Helm plugins as supply-chain inputs: inventory where helm plugin install / helm plugin update is used in automation, and review whether any of those sources are untrusted or mutable.
  • Apply the mitigation guidance captured in the CVE record where applicable.

    "To prevent this, validate that the plugin.yaml of the Helm plugin does not include a version: field containing POSIX dot-dot path separators, i.e. "/../"."
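The CVE record's mitigation turned into a pre-install check, as an added example that is not part of the original post or of Helm itself: it pulls the top-level version: value out of a plugin.yaml (line-based, so no YAML library is needed), applies the record's "/../" test plus a path-separator and path-containment check, and runs on constructed sample manifests; the plugin directory path and the plugins_dir/<name>/<version> layout are assumptions, not Helm's real defaults.

```python
import posixpath
import re

# Assumed plugin root for the containment check (illustrative, not Helm's real default).
PLUGINS_DIR = "/home/ci/.local/share/helm/plugins"

# Matches only an unindented (top-level) "version:" key.
_VERSION_RE = re.compile(r"^version:\s*(.*?)\s*$", re.MULTILINE)


def extract_version(plugin_yaml: str):
    """Return the top-level version: value from plugin.yaml text, or None if absent.
    Deliberately line-based so the example runs without a YAML library."""
    m = _VERSION_RE.search(plugin_yaml)
    if not m:
        return None
    value = m.group(1)
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
        value = value[1:-1]  # drop surrounding YAML quotes
    return value


def check_plugin_yaml(plugin_yaml: str, plugins_dir: str = PLUGINS_DIR) -> dict:
    """Flag a plugin.yaml whose version value could steer a write outside plugins_dir."""
    findings = []
    version = extract_version(plugin_yaml)
    if version is None:
        return {"version": None, "safe": False, "findings": ["no top-level version: field"]}
    if not version:
        findings.append("version is empty")
    # The CVE record's own check; wrapping in "/" also catches a bare, leading or trailing "..".
    if "/../" in f"/{version}/":
        findings.append("version contains POSIX dot-dot traversal (/../)")
    # A version should be a single path component, so any separator is suspicious on its own.
    if "/" in version or "\\" in version:
        findings.append("version contains a path separator")
    # Defence in depth: resolve the path the version would become under the assumed
    # plugins_dir/<name>/<version> layout and require it to stay inside plugins_dir.
    target = posixpath.normpath(posixpath.join(plugins_dir, "plugin", version))
    if not target.startswith(plugins_dir.rstrip("/") + "/"):
        findings.append(f"resolved path escapes plugin directory: {target}")
    return {"version": version, "safe": not findings, "findings": findings}


# Constructed sample manifests (not real plugins).
BENIGN_PLUGIN_YAML = 'name: example-plugin\nversion: "1.2.3"\nusage: example\n'
MALICIOUS_PLUGIN_YAML = 'name: example-plugin\nversion: "../../../../tmp/escape"\nusage: example\n'

if __name__ == "__main__":
    for text in (BENIGN_PLUGIN_YAML, MALICIOUS_PLUGIN_YAML):
        print(check_plugin_yaml(text))
```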

