Vulnerability in Defenseunicorns Pepr
CVE-2026-23634
Pepr is a type safe K8s middleware. Prior to 1.0.5 , Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The default behavior exists to make the “getting…
EPSS: 0.002 (13.3th percentile) — read the EPSS interpretation.
Affected products
- Defenseunicorns Pepr — versions < 1.0.5
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM, Vendor Advisory)
- security-advisories@github.com (x_refsource_MISC, Release Notes)