CVE-2026-23634

medium

Description

Pepr is a type-safe K8s middleware. Prior to 1.0.5, Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The default behavior exists to make the “getting started” experience smooth: new users can experiment with Pepr and create resources dynamically without needing to pre-configure RBAC. This vulnerability is fixed in 1.0.5.

References

https://github.com/defenseunicorns/pepr/security/advisories/GHSA-w54x-r83c-x79q

https://github.com/defenseunicorns/pepr/releases/tag/v1.0.5

Details

Source: Mitre, NVD

Published: 2026-01-16

Updated: 2026-01-16

CVSS v4

Base Score: 6.3

Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.0003