CVE-2026-23634: Pepr Has Overly Permissive RBAC ClusterRole in Admin Mode
(updated )
Severity: LOW Target: /workspace/pepr/src/lib/assets/rbac.ts Endpoint: Kubernetes RBAC configuration Method: Deployment
References
- github.com/advisories/GHSA-w54x-r83c-x79q
- github.com/defenseunicorns/pepr
- github.com/defenseunicorns/pepr/commit/d4675a662b8602fcde7e4bf603432f2f133b1fd1
- github.com/defenseunicorns/pepr/pull/2883
- github.com/defenseunicorns/pepr/releases/tag/v1.0.5
- github.com/defenseunicorns/pepr/security/advisories/GHSA-w54x-r83c-x79q
- nvd.nist.gov/vuln/detail/CVE-2026-23634
Code Behaviors & Features
Detect and mitigate CVE-2026-23634 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →