Description
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Versions 0.8.2 and below have a Blind SSRF vulnerability in the /download endpoint. The validateDownloadURL() function only checks the initial user-supplied URL, but the embedded Chromium browser can follow attacker-controlled redirects/navigations to internal network addresses after validation. Exploitation requires security.allowDownload=true (disabled by default), limiting real-world impact. An attacker-controlled page can use JavaScript redirects or resource requests to make the browser reach internal services from the PinchTab host, resulting in a blind Server-Side Request Forgery (SSRF) condition against internal-only services. The issue has been patched in version 0.8.3.
Published: 2026-03-20
Score: 5.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Blind SSRF to internal services
Action: Immediate Patch
AI Analysis

Impact

The vulnerability permits a blind server‑side request forgery against internal network services; the attacker supplies an initial URL to the /download endpoint, which is validated, but the embedded Chromium browser follows redirects to internal addresses after validation. The result is an internal request without the attacker seeing the response. The affected component is the validateDownloadURL() function. This flaw allows an attacker to cause the server host to reach services that are otherwise isolated, potentially revealing sensitive data or enabling lateral movement, though the effect is limited because the feature is controlled by the security.allowDownload flag, which is disabled by default.

Affected Systems

PinchTab, released by the vendor PinchTab, is impacted. Versions 0.8.2 and earlier contain the issue; the problem was resolved in release 0.8.3. Only systems running the vulnerable releases with the security.allowDownload setting enabled are at risk.

Risk and Exploitability

The CVSS base score is 5.8, indicating moderate severity. The EPSS score is below 1 %, and it is not listed in the CISA KEV catalog, signaling low likelihood of exploitation in the wild. However, because the attacker can force the browser to hit internal‑only endpoints through redirects, the risk is real for environments that enable the download feature. Exploitability requires that an attacker can serve a crafted page that triggers the download endpoint, which may be possible if the server exposes that endpoint to untrusted users or if the attacker can influence a user inside the network.

Generated by OpenCVE AI on March 23, 2026 at 17:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade PinchTab to version 0.8.3 or later
  • Ensure the security.allowDownload setting remains disabled if upgrade is not possible
  • Restrict access to the /download endpoint to trusted users or networks
  • Monitor logs for unusual /download activity and internal network requests

Generated by OpenCVE AI on March 23, 2026 at 17:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-qwxp-6qf9-wr4m PinchTab has a Blind SSRF via browser-side redirect bypass in /download URL validation
History

Mon, 23 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:pinchtab:pinchtab:*:*:*:*:*:*:*:*

Fri, 20 Mar 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 20 Mar 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Pinchtab
Pinchtab pinchtab
Vendors & Products Pinchtab
Pinchtab pinchtab

Fri, 20 Mar 2026 09:30:00 +0000

Type Values Removed Values Added
Description PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Versions 0.8.2 and below have a Blind SSRF vulnerability in the /download endpoint. The validateDownloadURL() function only checks the initial user-supplied URL, but the embedded Chromium browser can follow attacker-controlled redirects/navigations to internal network addresses after validation. Exploitation requires security.allowDownload=true (disabled by default), limiting real-world impact. An attacker-controlled page can use JavaScript redirects or resource requests to make the browser reach internal services from the PinchTab host, resulting in a blind Server-Side Request Forgery (SSRF) condition against internal-only services. The issue has been patched in version 0.8.3.
Title PinchTab has Blind SSRF via browser-side redirect bypass in /download URL validation
Weaknesses CWE-918
References
Metrics cvssV3_1

{'score': 5.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N'}

Subscriptions

Pinchtab Pinchtab
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-20T21:20:23.968Z

Reserved: 2026-03-17T19:27:06.345Z

Link: CVE-2026-33081

cve-icon Vulnrichment

Updated: 2026-03-20T21:20:19.630Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-20T10:16:18.563

Modified: 2026-03-23T15:46:32.153

Link: CVE-2026-33081

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:29:44Z

Weaknesses