CVE-2026-55882

CVE-2026-55882

Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.19.5 through 0.37.3, the Tilt HUD server mounts Go net/http/pprof handlers under /debug with no access control. When the HUD or apiserver listener is network…

Vulnerability class: Information Disclosure

Weakness classification (CWE)

References