53 matches found
CVE-2026-55882
Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.19.5 through 0.37.3, the Tilt HUD server mounts Go net/http/pprof handlers under /debug with no access control. When the HUD or apiserver listener is network-exposed, an unauthenticated caller can read process memor...
CVE-2026-55882 Tilt: Unauthenticated pprof debug endpoints on the Tilt HUD server
Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.19.5 through 0.37.3, the Tilt HUD server mounts Go net/http/pprof handlers under /debug with no access control. When the HUD or apiserver listener is network-exposed, an unauthenticated caller can read process memor...
CVE-2026-59092
JuiceFS
PT-2026-55293
Name of the Vulnerable Software and Affected Versions JuiceFS versions prior to 1.3.2 Description An authentication bypass exists due to improper handler registration on the shared http.DefaultServeMux. This allows unauthenticated remote attackers to access sensitive debug and metrics endpoints...
GO-2026-5457 Arc: Unauthenticated access to Go debug pprof endpoints leaks runtime state and enables CPU-burn DoS in github.com/basekick-labs/arc
Arc: Unauthenticated access to Go debug pprof endpoints leaks runtime state and enables CPU-burn DoS in github.com/basekick-labs/arc...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the pprof debug endpoints mounted under /debug without access control. An attacker can extract sensitive process memory, including session and apiserver tokens, and degrade server performance by holding the...
GHSA-P749-9W62-W533 Tilt: Unauthenticated pprof debug endpoints on the Tilt HUD server
Summary The Tilt HUD server mounts Go's net/http/pprof handlers under /debug with no access control. When the HUD is network-exposed, an attacker can read process memory — including session and apiserver tokens — and hold the process under profiling. Details A blank import of net/http/pprof...
PT-2026-50978
Name of the Vulnerable Software and Affected Versions Tilt versions 0.19.5 through 0.37.3 Description The Tilt HUD server mounts Go's net/http/pprof handlers under the '/debug' endpoint without access control. When the HUD is network-exposed, an unauthenticated caller can read process memory via...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via unauthenticated access to the /debug/pprof endpoints. An attacker can retrieve sensitive runtime information, including in-memory state, call stacks, and authentication cache data, or...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via unauthenticated access to the /debug/pprof endpoints. An attacker can retrieve sensitive runtime information, including in-memory state, call stacks, and authentication cache data, or...
GHSA-J93G-RP6M-J32M Arc: Unauthenticated access to Go debug pprof endpoints leaks runtime state and enables CPU-burn DoS
Summary Arc registers Go's net/http/pprof handlers at /debug/pprof/ via app.Usepprof.New in internal/api/server.go, and /debug/pprof is added to PublicPrefixes in cmd/arc/main.go. The auth middleware short-circuits before the token check on prefix match, so the endpoints are reachable without any...
PT-2026-48807
Name of the Vulnerable Software and Affected Versions Arc versions prior to 26.06.1 Description Arc registers Go net/http/pprof handlers at the /debug/pprof/ endpoint. Due to a configuration where /debug/pprof is added to PublicPrefixes and the authentication middleware short-circuits before toke...
CVE-2026-40173
Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on the default mux and reachable without authentication, exposing the full process command line...
VulnCheck KEV: CVE-2025-60021
Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the pprof endpoint. An attacker can obtain sensitive authentication tokens by sending unauthenticated requests to the /debug/pprof/cmdline endpoint and subsequently use the leaked token to gain unauthorized...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the pprof endpoint. An attacker can obtain sensitive authentication tokens by sending unauthenticated requests to the /debug/pprof/cmdline endpoint and subsequently use the leaked token to gain unauthorized...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the pprof endpoint. An attacker can obtain sensitive authentication tokens by sending unauthenticated requests to the /debug/pprof/cmdline endpoint and subsequently use the leaked token to gain unauthorized...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the pprof endpoint. An attacker can obtain sensitive authentication tokens by sending unauthenticated requests to the /debug/pprof/cmdline endpoint and subsequently use the leaked token to gain unauthorized...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the pprof endpoint. An attacker can obtain sensitive authentication tokens by sending unauthenticated requests to the /debug/pprof/cmdline endpoint and subsequently use the leaked token to gain unauthorized...
CVE-2026-40173 Dgraph: Unauthenticated pprof endpoint leaks admin auth token
Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on the default mux and reachable without authentication, exposing the full process command line...