CVE-2026-35206 Overview
A path traversal vulnerability has been identified in Helm, the popular package manager for Kubernetes Charts. In Helm versions <=3.20.1 and <=4.1.3, a specially crafted Chart can cause the helm pull --untar command to write the Chart's contents to an unintended directory. When processing a malicious Chart with a dot-segment name (such as "." or ".."), Helm writes files directly to the output directory (defaulting to the current working directory or as specified by --destination and --untardir flags) instead of the expected subdirectory named after the chart.
Critical Impact
Attackers can craft malicious Helm Charts that write files to arbitrary locations relative to the extraction root, potentially overwriting critical configuration files or injecting malicious content into the user's working directory.
Affected Products
- Helm versions <=3.20.1
- Helm versions <=4.1.4
- Kubernetes environments utilizing vulnerable Helm versions
Discovery Timeline
- April 9, 2026 - CVE-2026-35206 published to NVD
- April 9, 2026 - Last updated in NVD database
Technical Details for CVE-2026-35206
Vulnerability Analysis
This vulnerability is classified as CWE-22 (Path Traversal), which occurs when software constructs pathnames from user-supplied input without proper neutralization of special elements. In this case, Helm's chart extraction process failed to validate chart names that could be interpreted as POSIX path dot-segments.
The core issue lies in how Helm handles the chart.metadata.name field during the untar operation. When a chart name is set to "." (dot) or ".." (dot-dot), the SecureJoin function used for path construction resolves these segments as the current or parent directory respectively. This causes extracted files to be written directly into the extraction root directory rather than an isolated subdirectory named after the chart.
The vulnerability requires local access and user interaction (the victim must pull and untar a malicious chart), but it can have significant impact on integrity and availability of the target system's file structure.
Root Cause
The root cause is insufficient input validation in Helm's chart metadata processing and file expansion utilities. Prior to the fix, Helm did not explicitly reject chart names that:
- Consist entirely of POSIX dot-segments ("." or "..")
- Contain path separators that could alter the extraction path
The SecureJoin function, while designed to prevent path traversal, treats "." as a reference to the current directory, which bypasses the expected behavior of creating a chart-specific subdirectory.
Attack Vector
The attack requires an adversary to craft a malicious Helm Chart with a specially chosen name value in the chart's metadata. When a user runs helm pull --untar against this chart (either from a URL or repository), the extraction process writes files to the immediate output directory instead of a nested directory.
An attacker could exploit this by:
- Creating a chart with name: "." in Chart.yaml
- Publishing the malicious chart to a repository or hosting it at a URL
- Waiting for unsuspecting users to pull and untar the chart
- The chart's contents are written directly to the user's working directory, potentially overwriting existing files
// Security patch in internal/chart/v3/metadata.go
// Source: https://github.com/helm/helm/commit/4e7994d4467182f535b6797c94b5b0e994a91436
return ValidationError("chart.metadata.name is required")
}
+ if md.Name == "." || md.Name == ".." {
+ return ValidationErrorf("chart.metadata.name %q is not allowed", md.Name)
+ }
if md.Name != filepath.Base(md.Name) {
return ValidationErrorf("chart.metadata.name %q is invalid", md.Name)
}
// Security patch in internal/chart/v3/util/expand.go
// Source: https://github.com/helm/helm/commit/4e7994d4467182f535b6797c94b5b0e994a91436
return errors.New("chart name not specified")
}
+ // Reject chart names that are POSIX path dot-segments or dot-dot segments or contain path separators.
+ // A dot-segment name (e.g. ".") causes SecureJoin to resolve to the root
+ // directory and extraction then to write files directly into that extraction root
+ // instead of a per-chart subdirectory.
+ if chartName == "." || chartName == ".." {
+ return fmt.Errorf("chart name %q is not allowed", chartName)
+ }
+ if chartName != filepath.Base(chartName) {
+ return fmt.Errorf("chart name %q must not contain path separators", chartName)
+ }
+
// Find the base directory
// The directory needs to be cleaned prior to passing to SecureJoin or the location may end up
// being wrong or returning an error. This was introduced in v0.4.0.
Detection Methods for CVE-2026-35206
Indicators of Compromise
- Unexpected files appearing in working directories after helm pull --untar operations
- Charts with suspicious name fields in Chart.yaml (specifically "." or ".." values)
- Audit logs showing helm pull --untar commands followed by unexpected file modifications
- Overwritten configuration files in directories where Helm commands were executed
Detection Strategies
- Monitor and audit all helm pull --untar commands in CI/CD pipelines and developer workstations
- Implement pre-pull validation scripts that inspect chart metadata before extraction
- Use file integrity monitoring (FIM) tools to detect unexpected file changes in Helm working directories
- Scan Helm repositories for charts with invalid or suspicious metadata names
Monitoring Recommendations
- Enable audit logging for Helm operations across all Kubernetes management systems
- Configure alerts for file system changes in directories commonly used for Helm operations
- Implement repository scanning to identify and quarantine charts with malformed metadata
- Monitor for download attempts of charts from untrusted or unknown repositories
How to Mitigate CVE-2026-35206
Immediate Actions Required
- Upgrade Helm to version 3.20.2 or 4.1.4 immediately
- Audit recently pulled charts for any suspicious file placements
- Review Helm repositories for charts with dot-segment names
- Restrict helm pull --untar operations to dedicated, isolated directories
Patch Information
Helm has released security patches that address this vulnerability:
- Helm 3.20.2: Fixed version for the 3.x release line
- Helm 4.1.4: Fixed version for the 4.x release line
The fix adds explicit validation to reject chart names that are POSIX dot-segments ("." or "..") or contain path separators. This validation is performed in both the metadata validation (metadata.go) and the expansion utility (expand.go) to provide defense in depth.
For detailed information, see the GitHub Security Advisory GHSA-hr2v-4r36-88hr and the security patch commit.
Workarounds
- Avoid using helm pull --untar with charts from untrusted sources until patched
- Use helm pull without --untar and manually inspect chart contents before extraction
- Implement wrapper scripts that validate chart names before allowing helm pull --untar
- Run Helm operations in isolated container environments to limit potential damage
# Validate chart metadata before untarring
# Download chart without extracting
helm pull <chart-url> --destination /tmp/helm-staging
# Inspect the chart archive for suspicious metadata
tar -tzf /tmp/helm-staging/*.tgz | head -1 | grep -E '^\.$|^\.\.$' && echo "SUSPICIOUS CHART DETECTED" && exit 1
# If validation passes, extract to intended directory
helm pull <chart-url> --untar --untardir /secure/charts/
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
