Impact
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Its /download endpoint contains a server-side request forgery (SSRF) weakness: any user with API access can instruct the PinchTab server to make arbitrary HTTP requests, and the server returns the full response body to the caller. This enables extraction of internal network data, local system files, or other sensitive resources. The flaw predominantly results in confidentiality violations, accidental or intentional, and could be used to surface sensitive information without authentication to the server itself.
Affected Systems
The vulnerability is present in PinchTab version 0.7.6 and earlier; this range is inferred from the statement that the issue was patched in 0.7.7. The affected product is PinchTab, identified by the vendor:product pair pinchtab:pinchtab.
Risk and Exploitability
The CVSS score of 7.5 places this flaw in the high severity range, but the EPSS value of less than 1% indicates a very low probability of exploitation at present. The flaw is not listed in the CISA KEV catalog. Exploitation requires only API access: any user who can reach the PinchTab instance (for example, over the network or with an exposed API key) can trigger SSRF requests. The attacker can direct the server to any URL, including internal addresses and local file URLs, and retrieve the full content of the response. No preconditions beyond API access are needed, and the issue can be exploited immediately without further setup.
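A defensive check for a URL-fetching endpoint of this kind, written here as an added illustration in Go (assumed, as PinchTab's implementation language; this is not PinchTab's own code, and ValidateDownloadURL, IsPublicAddr and LookupFunc are hypothetical names): it rejects non-http(s) schemes such as file://, and rejects hosts that are, or resolve to, loopback, private, link-local or CGNAT addresses, which covers the internal addresses and local file URLs described above.

```go
package main

import (
	"fmt"
	"net/netip"
	"net/url"
	"strings"
)

// LookupFunc resolves a hostname; injected so the check runs offline in tests
// (production would wrap net.DefaultResolver.LookupNetIP).
type LookupFunc func(host string) ([]netip.Addr, error)
// CGNAT space is not covered by netip's own classifiers, so list it explicitly.
var cgnat = netip.MustParsePrefix("100.64.0.0/10")

// IsPublicAddr reports whether the server may fetch from a on an API caller's
// behalf: no loopback, RFC 1918/ULA, link-local (which includes the cloud
// metadata address 169.254.169.254), unspecified, multicast or CGNAT. Unmap
// first so ::ffff:127.0.0.1 cannot bypass the IPv4 checks.
func IsPublicAddr(a netip.Addr) bool {
	a = a.Unmap()
	return !(a.IsLoopback() || a.IsPrivate() || a.IsLinkLocalUnicast() ||
		a.IsLinkLocalMulticast() || a.IsUnspecified() || a.IsMulticast() ||
		cgnat.Contains(a))
}

// ValidateDownloadURL accepts only http(s) URLs whose host resolves solely to
// public addresses and returns those addresses. The fetch must dial one of the
// returned addresses rather than re-resolve the name, otherwise a DNS rebinding
// between check and fetch can still steer the request at an internal host.
func ValidateDownloadURL(raw string, lookup LookupFunc) ([]netip.Addr, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	host := u.Hostname()
	if s := strings.ToLower(u.Scheme); host == "" || (s != "http" && s != "https") {
		return nil, fmt.Errorf("only http(s) URLs with a host are allowed: %q", raw)
	}
	var addrs []netip.Addr
	if a, err := netip.ParseAddr(host); err == nil {
		addrs = append(addrs, a) // literal address, nothing to resolve
	} else if addrs, err = lookup(host); err != nil || len(addrs) == 0 {
		return nil, fmt.Errorf("cannot resolve %q", host)
	}
	for _, a := range addrs {
		if !IsPublicAddr(a) {
			return nil, fmt.Errorf("%s resolves to non-public address %s", host, a)
		}
	}
	return addrs, nil
}
```

Where the agent's use case allows it, an allowlist of permitted download origins is a tighter control than this denylist of address ranges.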