Vulnerability in Helm
CVE-2026-63308
Helm through 4.2.3, fixed in commit ba6c9a2, contains a denial of service vulnerability in the Files.Lines template helper in pkg/engine/files.go that allows attackers to trigger an index out of range panic by including zero-length byte sl…
CVSS v3 metric
CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L.
Affected products
- Helm — versions 0, ba6c9a29efa7bf9198dad6a5ec12b4fb30c96017
Weakness classification (CWE)
References
- disclosure@vulncheck.com (technical-description, exploit)
- disclosure@vulncheck.com (issue-tracking)
- disclosure@vulncheck.com (patch)
- disclosure@vulncheck.com (third-party-advisory)
Frequently asked questions
- What is CVE-2026-63308?
- CVE-2026-63308 is a medium-severity vulnerability in Helm, classified under Improper Validation of Array Index. CVSS score: 4.3/10. Published 2026-07-17.
- How severe is CVE-2026-63308?
- Medium severity. CVSS v3 base score is 4.3 out of 10.