Confused deputy vulnerability in kro (Kube Resource Orchestrator) allowing attackers to introduce malicious CustomResourceDefinitions (CRDs) leading to remote code execution.