Vulnerability in Helm

CVE-2026-63308

Helm through 4.2.3, fixed in commit ba6c9a2, contains a denial of service vulnerability in the Files.Lines template helper in pkg/engine/files.go that allows attackers to trigger an index out of range panic by including zero-length byte sl…

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L.

Affected products

  • Helm — versions 0, ba6c9a29efa7bf9198dad6a5ec12b4fb30c96017

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-63308?
CVE-2026-63308 is a medium-severity vulnerability in Helm, classified under Improper Validation of Array Index. CVSS score: 4.3/10. Published 2026-07-17.
How severe is CVE-2026-63308?
Medium severity. CVSS v3 base score is 4.3 out of 10.