Auth bypass in Tilt-dev Tilt

CVE-2026-55884

Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.20.8 through 0.37.3, the Tilt HUD HTTP server registers handlers on a gorilla/mux router with no authenticating middleware. When the HUD is bound to a non-lo…

Vulnerability class: Broken Authentication

Affected products

Weakness classification (CWE)

References