Skip to main content

Tilt CVE-2026-55884

CRITICAL
Missing Authentication for Critical Function (CWE-306)
2026-06-19 https://github.com/tilt-dev/tilt GHSA-c73q-8xxr-rgqm
9.2
CVSS 4.0 · Vendor: https://github.com/tilt-dev/tilt
Share

Severity by source

Vendor (https://github.com/tilt-dev/tilt) PRIMARY
9.2 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.9 HIGH

Unauthenticated network access (AV:N/PR:N/UI:N) but AC:H because it depends on a non-default non-loopback bind; S:C since the token proxy reaches the separate apiserver/cluster, with high confidentiality and integrity and low availability impact.

3.1 AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
4.0 AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (https://github.com/tilt-dev/tilt).

CVSS VectorVendor: https://github.com/tilt-dev/tilt

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

6
Analysis Updated
Jul 10, 2026 - 22:29 vuln.today
v3 (cvss_changed)
Analysis Updated
Jul 10, 2026 - 22:29 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jul 10, 2026 - 22:22 vuln.today
cvss_changed
CVSS changed
Jul 10, 2026 - 22:22 NVD
9.2 (CRITICAL)
Source Code Evidence Fetched
Jun 19, 2026 - 14:52 vuln.today
Analysis Generated
Jun 19, 2026 - 14:52 vuln.today

DescriptionCVE.org

Summary

The Tilt HUD HTTP server exposes state-changing and sensitive-read endpoints with no authentication. When the HUD is bound to a non-loopback address, a network attacker can trigger the developer's pre-defined Tiltfile resources, tamper with Tiltfile arguments, read full engine state including the session token, and reach the Tilt apiserver through a token-attaching proxy.

Details

The HUD server registers its handlers on a gorilla/mux router with no authenticating middleware. The cookieWrapper helper emits the Tilt-Token cookie but never validates it, and is attached only to the static-asset prefix.

Impact

An unauthenticated network caller can force any developer-defined resource to run on the host as the tilt user (choosing which and when, not the command text), set arbitrary Tiltfile arguments, disclose the session token and full engine state, and invoke apiserver resources via the loopback-token proxy. Because tilt up runs with the developer's privileges and credentials, the impact reaches the developer's environment and cluster.

Conditions for exploitation

  • Affected version in >= 0.20.8, <= 0.37.3.
  • HUD bound to a non-loopback address (tilt up --host 0.0.0.0, or TILT_HOST set).
  • Network reachability to the listener (default port 10350).

Not affected

  • The default loopback-only bind is not reachable from the network.

Workarounds

Use the default loopback bind (omit --host, unset TILT_HOST) and ensure nothing else proxies to localhost:10350. No complete workaround short of upgrading for non-loopback deployments.

AnalysisAI

Missing authentication in the Tilt HUD HTTP server (Go package github.com/tilt-dev/tilt, versions 0.20.8 through 0.37.3) lets an unauthenticated network attacker trigger developer-defined Tiltfile resources, tamper with Tiltfile arguments, read full engine state including the session token, and proxy authenticated calls into the Tilt apiserver. Exploitation is only possible when Tilt is bound to a non-loopback address (via 'tilt up --host 0.0.0.0' or TILT_HOST), not in the safe default loopback configuration. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Discover exposed HUD on port 10350
Delivery
Read engine state and extract session token
Exploit
Set arbitrary Tiltfile arguments
Execution
Trigger developer-defined resource on host
Impact
Proxy into Tilt apiserver and cluster

Vulnerability AssessmentAI

Exploitation Requires three concrete conditions all present: (1) an affected version in the range >= 0.20.8 and <= 0.37.3; (2) the HUD explicitly bound to a non-loopback address via 'tilt up --host 0.0.0.0' or the TILT_HOST environment variable - the default loopback-only bind is NOT reachable and is not vulnerable; and (3) network reachability to the listener on default port 10350. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The supplied CVSS 4.0 base score is 9.2 (Critical) with AV:N/AC:L/AT:P/PR:N/UI:N and high confidentiality/integrity impact plus low availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A developer on a shared or cloud dev host starts Tilt with 'tilt up --host 0.0.0.0' so a teammate can view the HUD. An attacker on the same network connects to port 10350 with no credentials, reads the full engine state to steal the session token, then invokes the unauthenticated endpoints to run a developer-defined Tiltfile resource on the host as the tilt user and pivot through the loopback-token proxy into the developer's Kubernetes cluster. …
Remediation Vendor-released patch: upgrade to Tilt v0.37.4 (https://github.com/tilt-dev/tilt/releases/tag/v0.37.4), which enforces the Tilt-Token on the apiserver proxy and restricts /debug endpoints to loopback (fix in PR https://github.com/tilt-dev/tilt/pull/6776). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all Tilt instances with non-loopback bindings (check for --host flags other than 127.0.0.1 or TILT_HOST environment variables pointing to non-localhost addresses). …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-55884 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy