CVE-2026-30834

High CVSS: 7.5

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Prior to version 0.7.7, a Server-Side Request Forgery (SSRF) vulnerability in the /download endpoint allows any user with API access to induce the PinchTab server to make requests to arbitrary URLs, including internal network services and local system files, and exfiltrate the full response content. This issue has been patched in version 0.7.7.

Vendor

Pinchtab

Product

Pinchtab

CWE

CWE-918

Yayın Tarihi

2026-03-07 16:15:56

Güncelleme

2026-03-11 20:30:51

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-918 Pinchtab HIGH Pinchtab 2026

Referanslar

https://github.com/pinchtab/pinchtab/security/advisories/GHSA-rw8p-c6hf-q3pg

Benzer Kayıtlar

Medium

CVE-2026-33620

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.7.8` throug…

Medium

CVE-2026-33622

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.8.3` throug…

Medium

CVE-2026-33623

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.8.4` contai…

Medium

CVE-2026-33081

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Versions 0.8.2 and below…