helm.sh/helm/v3 (Helm v3) vulnerabilities

23 known vulnerabilities affecting helm.sh/helm_v3.

Total CVEs: 23
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 4, MEDIUM 14, LOW 5

Vulnerabilities

Page 1 of 2
CVE-2026-35206 | MEDIUM | CWE-22 | Affected: ≥ 0, < 3.20.2 | Published: 2026-04-10
Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment
Helm is a package manager for Charts for Kubernetes. In Helm versions /`, instead of the expected `//`, potentially overwriting the contents of the targeted directory. Note: a chart name containing POSIX dot-dot, or dot-dot and slashes (as if to refer to parent directories) does not resolve beyond the ou
Sources: GHSA
CVE-2025-55198 | MEDIUM | CWE-908 | Affected: ≥ 0, < 3.18.5 | Published: 2025-08-14
Helm May Panic Due To Incorrect YAML Content
A Helm contributor discovered an improper validation of type error when parsing Chart.yaml and index.yaml files that can lead to a panic. ### Impact There are two areas of YAML validation that were impacted. First, when a `Chart.yaml` file had a `null` maintainer or the `child` or `parent` of a dependencies `import-values` could be parsed as something other than a string,
Sources: GHSA, OSV
CVE-2025-55199 | MEDIUM | CWE-770 | Affected: ≥ 0, < 3.18.5 | Published: 2025-08-14
Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion
A Helm contributor discovered that it was possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. ### Impact A malicious chart can point `$ref` in _values.schema.json_ to a device (e.g. `/dev/*`) or other problem file which could c
Sources: GHSA, OSV
CVE-2025-53547 | HIGH | CWE-94 | Affected: ≥ 3.18.0-rc.1, < 3.18.4 and ≥ 0, < 3.17.4 | Published: 2025-07-08
Helm vulnerable to Code Injection through malicious chart.yaml content
A Helm contributor discovered that a specially crafted `Chart.yaml` file along with a specially linked `Chart.lock` file can lead to local code execution when dependencies are updated. ### Impact Fields in a `Chart.yaml` file, that are carried over to a `Chart.lock` file when dependencies are updated and this file is written
Sources: GHSA, OSV
CVE-2025-32387 | MEDIUM | CWE-121 | Affected: ≥ 0, < 3.17.3 | Published: 2025-04-10
Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow
A Helm contributor discovered that a specially crafted JSON Schema within a chart can lead to a stack overflow. ### Impact A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. ### Patches This
Sources: GHSA, OSV
CVE-2025-32386 | MEDIUM | CWE-770 | Affected: ≥ 0, < 3.17.3 | Published: 2025-04-10
Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination
A Helm contributor discovered that a specially crafted chart archive file can cause Helm to use all available memory and have an out of memory (OOM) termination. ### Impact A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >80
Sources: GHSA, OSV
CVE-2019-25210 | MEDIUM | CWE-200 | Affected: ≥ 3.0.0, ≤ 3.14.2 | Published: 2024-03-03
Withdrawn Advisory: Helm shows secrets in clear text
### Withdrawn Advisory This advisory has been withdrawn because the issue describes intended behavior and the output is not exposed to unauthorized users. This link has been maintained to preserve external references. ### Original Description An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm. It displays values of secrets when the --
Sources: GHSA, OSV
CVE-2024-26147 | HIGH | CWE-457 | Affected: ≥ 0, < 3.14.2 | Published: 2024-02-22
Helm's Missing YAML Content Leads To Panic
A Helm contributor discovered an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. ### Impact When either an `index.yaml` file or a plugin's `plugin.yaml` file were missing all metadata, a panic would occur in Helm. In the Helm SDK this is found when using the `LoadIndexFile` or `DownloadIndexFile` functions in the `repo` pac
Sources: GHSA, OSV
CVE-2024-25620 | MEDIUM | CWE-22 | Affected: ≥ 0, < 3.14.1 | Published: 2024-02-15
Helm dependency management path traversal
A Helm contributor discovered a path traversal vulnerability when Helm saves a chart, including at download time. ### Impact When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected directory based on the changes in the relative path. The validation and linting
Sources: GHSA, OSV
CVE-2023-25165 | MEDIUM | CWE-200 | Affected: ≥ 3.0.0, < 3.11.1 | Published: 2023-02-08
Helm vulnerable to information disclosure via getHostByName Function
A Helm contributor discovered an information disclosure vulnerability using the `getHostByName` template function. ### Impact `getHostByName` is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DN
Sources: GHSA, OSV
CVE-2022-23524 | MEDIUM | CWE-400 | Affected: ≥ 0, < 3.10.3 | Published: 2022-12-14
Helm vulnerable to denial of service through string value parsing
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the _strvals_ package that can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the _strvals_ package in the Helm SDK can have a Denial of Service attack when they use this package and
Sources: GHSA, OSV
CVE-2022-23525 | MEDIUM | CWE-476 | Affected: ≥ 0, < 3.10.3 | Published: 2022-12-14
Helm vulnerable to denial of service through repository index file
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the `_repo_` package that can cause a segmentation violation. Applications that use functions from the `_repo_` package in the Helm SDK can have a Denial of Service attack when they use this package and it panics. ### Impact Th
Sources: GHSA, OSV
CVE-2022-23526 | MEDIUM | CWE-476 | Affected: ≥ 0, < 3.10.3 | Published: 2022-12-14
Helm vulnerable to denial of service through schema file
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the `_chartutil_` package that can cause a segmentation violation. Applications that use functions from the `_chartutil_` package in the Helm SDK can have a Denial of Service attack when they use this package and it panics. ### Impact The `_chartutil_` package co
Sources: GHSA, OSV
CVE-2022-36055 | MEDIUM | CWE-400 | Affected: ≥ 0, < 3.9.4 | Published: 2022-08-30
Helm Vulnerable to denial of service through string value parsing
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the `_strvals_` package that can cause an out of memory panic. Out of memory panics cannot be recovered from. Applications that use functions from the `_strvals_` package in the Helm SDK can have a Denial of Service attack when they use this packa
Sources: GHSA, OSV
CVE-2020-7919 | HIGH (CVSS 7.5) | CWE-295 | Affected: ≥ 3.0.0, < 3.1.0 | Published: 2021-06-23
Helm uses crypto package vulnerable to panic from malformed X.509 certificate
The Helm core maintainers have identified a high severity security vulnerability in Go's `crypto` package affecting all versions prior to Helm 2.16.8 and Helm 3.1.0. Thanks to @ravin9249 for identifying the vulnerability. ### Impact Go before 1.12.16 and 1.13.x before 1.13.7 (and the `crypto/cryptobyte` packag
Sources: GHSA, OSV
CVE-2021-21303 | MEDIUM | CWE-74 | Affected: ≥ 3.0.0, < 3.5.2 | Published: 2021-06-23
Improper Neutralization of Special Elements in Output in helm.sh/helm/v3
Since Helm 2 was released, a well-documented aspect of Helm is that the Helm chart's version number MUST follow the SemVer2 specification. In the past, Helm would not permit charts with malformed versions. At some point, a patch was merged that changed this: on a version parse error, the version number was simply passed
Sources: GHSA, OSV
CVE-2021-32690 | MEDIUM | CWE-200 | Affected: ≥ 0, < 3.6.1 | Published: 2021-06-23
Helm passes repository credentials to alternate domain
While working on the Helm source, a Helm core maintainer discovered a situation where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. ### Impact The `index.yaml` within a Helm chart repository contains a reference where to get the chart archive for each vers
Sources: GHSA, OSV
CVE-2020-4053 | LOW | CWE-22 | Affected: ≥ 3.0.0, < 3.2.4 | Published: 2021-06-23
Plugin archive directory traversal in Helm
The Helm core maintainers have identified an information disclosure vulnerability in Helm 3.0.0-3.2.3. ### Impact A traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. Traversal Attacks are a form of a
Sources: GHSA, OSV
CVE-2020-11013 | HIGH | CWE-200 | Affected: ≥ 3.0.0, < 3.1.3 | Published: 2021-05-27
Lookup function information disclosure in Helm
The Helm core maintainers have identified an information disclosure vulnerability in Helm 3.0.0-3.1.2. ### Impact `lookup` is a Helm template function introduced in Helm v3. It is able to look up resources in the cluster to check for the existence of specific resources and get details about them. This can be used as part of the process to render templates. The document
Sources: GHSA, OSV
CVE-2020-15187 | LOW | CWE-694 | Affected: ≥ 3.0.0, < 3.3.2 | Published: 2021-05-24
plugin.yaml file allows for duplicate entries in Helm
### Impact During a security audit of Helm's code base, Helm maintainers identified a bug in which a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform this attac
Sources: GHSA, OSV