Description
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.7.7` through `v0.8.4` contain incomplete request-throttling protections for auth-checkable endpoints. In `v0.7.7` through `v0.8.3`, a fully implemented `RateLimitMiddleware` existed in `internal/handlers/middleware.go` but was not inserted into the production HTTP handler chain, so requests were not subject to the intended per-IP throttle. In the same pre-`v0.8.4` range, the original limiter also keyed clients using `X-Forwarded-For`, which would have allowed client-controlled header spoofing if the middleware had been enabled. `v0.8.4` addressed those two issues by wiring the limiter into the live handler chain and switching the key to the immediate peer IP, but it still exempted `/health` and `/metrics` from rate limiting even though `/health` remained an auth-checkable endpoint when a token was configured. This issue weakens defense in depth for deployments where an attacker can reach the API, especially if a weak human-chosen token is used. It is not a direct authentication bypass or token disclosure issue by itself. PinchTab is documented as local-first by default and uses `127.0.0.1` plus a generated random token in the recommended setup. PinchTab's default deployment model is a local-first, user-controlled environment between the user and their agents; wider exposure is an intentional operator choice. This lowers practical risk in the default configuration, even though it does not by itself change the intrinsic base characteristics of the bug. This was fully addressed in `v0.8.5` by applying `RateLimitMiddleware` in the production handler chain, deriving the client address from the immediate peer IP instead of trusting forwarded headers by default, and removing the `/health` and `/metrics` exemption so auth-checkable endpoints are throttled as well.
Published: 2026-03-26
Score: 4.8 Medium
EPSS: n/a
KEV: No
Impact: Unbounded brute‑force of API token
Action: Immediate Patch
AI Analysis

Impact

PinchTab, a lightweight HTTP server that gives AI agents control over a Chrome browser, contained incomplete request‑throttling protection for authentication‑checkable endpoints from versions 0.7.7 through 0.8.4. The RateLimitMiddleware existed but was not inserted into the production handler chain, and when present it keyed clients using the X‑Forwarded‑For header, allowing spoofing. In v0.8.4 the middleware was wired in and the key switched to the immediate peer IP, yet the /health and /metrics endpoints remained exempt from rate limiting even though /health could still be protected by a token. This flaw does not reveal tokens or bypass authentication, but it removes a crucial defense, allowing an attacker who can reach the API to brute‑force the token without limits. In the default local‑first deployment, the server listens on 127.0.0.1 and generates a random token, reducing practical risk, but the intrinsic weakness remains for any wider exposure. The issue was fully addressed in v0.8.5 by restoring the middleware in the production chain, deriving the client address from the immediate peer IP and removing the exemptions for auth‑checkable endpoints.

Affected Systems

The affected product is PinchTab PinchTab. Versions from 0.7.7 through 0.8.4 are vulnerable. The vulnerability was closed in v0.8.5, which applied rate limiting to all relevant endpoints and used the immediate peer IP for client identification.

Risk and Exploitability

The CVSS base score of 4.8 indicates moderate severity. EPSS information is not available and the vulnerability is not listed in the CISA KEV catalog. The likely attack requires network reach to the PinchTab API; from such a position an attacker can send an unbounded number of requests to test or brute‑force the API token. If the token is weak, this could grant unauthorized control of the Chrome instance. Default local‑first configuration mitigates exposure, but any remote exposure or intentionally exposed deployment continues to be subject to this flaw.

Generated by OpenCVE AI on March 26, 2026 at 22:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade PinchTab to version 0.8.5 or later to restore comprehensive rate limiting for all auth‑checkable endpoints.
  • If an upgrade is not immediately available, manually insert the RateLimitMiddleware into the production handler chain and configure it to derive the client IP from the immediate peer rather than trusting forwarded headers.
  • Ensure that the /health and /metrics endpoints are either secured or disabled until the rate‑limiting logic is correctly applied.

Generated by OpenCVE AI on March 26, 2026 at 22:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-j65m-hv65-r264 PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token
History

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Pinchtab
Pinchtab pinchtab
Vendors & Products Pinchtab
Pinchtab pinchtab

Thu, 26 Mar 2026 21:00:00 +0000

Type Values Removed Values Added
Description PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.7.7` through `v0.8.4` contain incomplete request-throttling protections for auth-checkable endpoints. In `v0.7.7` through `v0.8.3`, a fully implemented `RateLimitMiddleware` existed in `internal/handlers/middleware.go` but was not inserted into the production HTTP handler chain, so requests were not subject to the intended per-IP throttle. In the same pre-`v0.8.4` range, the original limiter also keyed clients using `X-Forwarded-For`, which would have allowed client-controlled header spoofing if the middleware had been enabled. `v0.8.4` addressed those two issues by wiring the limiter into the live handler chain and switching the key to the immediate peer IP, but it still exempted `/health` and `/metrics` from rate limiting even though `/health` remained an auth-checkable endpoint when a token was configured. This issue weakens defense in depth for deployments where an attacker can reach the API, especially if a weak human-chosen token is used. It is not a direct authentication bypass or token disclosure issue by itself. PinchTab is documented as local-first by default and uses `127.0.0.1` plus a generated random token in the recommended setup. PinchTab's default deployment model is a local-first, user-controlled environment between the user and their agents; wider exposure is an intentional operator choice. This lowers practical risk in the default configuration, even though it does not by itself change the intrinsic base characteristics of the bug. This was fully addressed in `v0.8.5` by applying `RateLimitMiddleware` in the production handler chain, deriving the client address from the immediate peer IP instead of trusting forwarded headers by default, and removing the `/health` and `/metrics` exemption so auth-checkable endpoints are throttled as well.
Title PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token
Weaknesses CWE-290
CWE-770
References
Metrics cvssV3_1

{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N'}

Subscriptions

Pinchtab Pinchtab
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-26T20:42:12.692Z

Reserved: 2026-03-23T14:24:11.616Z

Link: CVE-2026-33621

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-03-26T21:17:06.597

Modified: 2026-03-26T21:17:06.597

Link: CVE-2026-33621

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:23:27Z

Weaknesses