v0.7.0 ships Helm 3.20.0 which is vulnerable to CVE-2026-35206

[Division-x]

CVE-2026-35206 affects Helm <= 3.20.1 and <= 4.1.3. When a specially crafted chart is pulled with helm pull --untar, its contents land directly in the output directory instead of a subdirectory named after the chart, which can clobber whatever is already there. Fixed in 3.20.2 and 4.1.4.

as per the title: rancher/shell:v0.7.0 ships 3.20.0-rancher1, putting it in the vulnerable range.

Request:

bump the Helm version in release/v2.14 and release/v2.13 branches to >= 3.20.2 to cover CVE-2026-35206.

References:

• CVE-2026-35206
• https://github.com/helm/helm/releases/tag/v3.20.2

[mallardduck]

Hey @Division-x - Thanks for the report.

Fortunately the risk for this CVE in context of how Shell image uses helm and how both are used by Rancher is rather low. As you mention the CVE requires a specially crafted chart and use of helm pull --untar. In context of Rancher there is nowhere that Rancher invokes the Shell image and calls helm pull --untar.

Similarly, the helm repo's accessible to Rancher are ones that we control - should not have the charts vulnerable to cause the issue. That in mind, it's not impossible to happen as the Shell image is something users can also interface with. So it could still happen, but users would need to a number of steps first:

1. Launch a Kubectl Shell via Rancher UI,
2. Add a Repo with a vulnerable/malicious chart,
3. Run the helm pull --untar command on the chart with issues

---

All that said, we are currently in the process of fully removing the usage of our "rancher flavored Helm fork". The main branch already has those changes and we have bumped Helm to a patched version. We can expect that these improvements and the helm bump will land in backports once verified.

[mallardduck]

Setting to blocked for now - as mentioned the work is all essentially done when looking at main. For the Branches mentioned here the backports needed are pending QA validation on main branches first.