CVE-2026-23634 - Pepr Overly Permissive RBAC ClusterRole in Admin Mode

CVE ID : CVE-2026-23634 Published : Jan. 16, 2026, 8:15 p.m. | 2 hours, 4 minutes ago Description : Pepr is a type safe K8s middleware. Prior to 1.0.5 , Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The default behavior exists to make the “getting started” experience smooth: new users can experiment with Pepr and create resources dynamically without needing to pre-configure RBAC. This vulnerability is fixed in 1.0.5. Severity: 0.0 | NONE Visit the link for more details, such as CVSS details, affected products, timeline, and more...