Description
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.8.3` through `v0.8.5` allow arbitrary JavaScript execution through `POST /wait` and `POST /tabs/{id}/wait` when the request uses `fn` mode, even if `security.allowEvaluate` is disabled. `POST /evaluate` correctly enforces the `security.allowEvaluate` guard, which is disabled by default. However, in the affected releases, `POST /wait` accepted a user-controlled `fn` expression, embedded it directly into executable JavaScript, and evaluated it in the browser context without checking the same policy. This is a security-policy bypass rather than a separate authentication bypass. Exploitation still requires authenticated API access, but a caller with the server token can execute arbitrary JavaScript in a tab context even when the operator explicitly disabled JavaScript evaluation. The current worktree fixes this by applying the same policy boundary to `fn` mode in `/wait` that already exists on `/evaluate`, while preserving the non-code wait modes. As of time of publication, a patched version is not yet available.
Published: 2026-03-26
Score: 6.1 Medium
EPSS: n/a
KEV: No
Impact: Arbitrary JavaScript execution via policy bypass
Action: Apply Patch
AI Analysis

Impact

PinchTab versions 0.8.3 through 0.8.5 allow arbitrary JavaScript to run in the controlled Chrome browser when a client POSTs to /wait or /tabs/{id}/wait in fn mode. The server evaluates the supplied function expression directly, ignoring the security.allowEvaluate flag that normally blocks such code. The flaw is a security-policy bypass rather than a new authentication hole, yet it lets any authenticated caller holding the server token execute code in the tab context, exposing the browser's data and potentially compromising the operator's environment. The underlying weakness aligns with CWE-284 (Improper Authorization), CWE-693 (Protection Mechanism Failure), and CWE-94 (Improper Control of Generation of Code).
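The gap described above (and in the Description at the top of the page) is a single missing authorization check on one code path. The Go sketch below is an added illustration, not PinchTab's own code: it places a `/wait` handler that, like the affected releases, dispatches `fn` mode straight to the browser beside the corrected form that applies the same `security.allowEvaluate` boundary `/evaluate` enforces, while leaving the non-code wait mode untouched. The request and config types, the `Evaluator` interface, the `selector` mode name and the function names are assumptions; only `fn`, `/wait` and `security.allowEvaluate` come from the advisory. The browser is replaced by a recording stub, so nothing is ever executed.

```go
package main

import (
	"encoding/json"
	"errors"
	"net/http"
)

// SecurityConfig holds the operator policy; the field name is an assumed stand-in for security.allowEvaluate.
type SecurityConfig struct{ AllowEvaluate bool }

// WaitRequest is an assumed body for POST /wait. The advisory names only the `fn` mode;
// `selector` stands in for the non-code wait modes that must keep working after the fix.
type WaitRequest struct {
	Selector string `json:"selector,omitempty"`
	Fn       string `json:"fn,omitempty"`
}

// Evaluator abstracts the browser side so the policy boundary can be exercised offline.
// Anything reaching RunScript must already have passed the security.allowEvaluate gate.
type Evaluator interface {
	RunScript(expr string) (bool, error)
	WaitForSelector(selector string) (bool, error)
}

var (
	ErrEvaluateDisabled = errors.New("fn mode requires security.allowEvaluate")
	ErrNoCondition      = errors.New("wait request needs selector or fn")
)

// waitVulnerable reproduces the flaw the advisory describes: fn mode is handed to
// the browser without the policy ever being consulted.
func waitVulnerable(ev Evaluator, req WaitRequest) (bool, error) {
	if req.Fn != "" {
		return ev.RunScript(req.Fn)
	}
	if req.Selector != "" {
		return ev.WaitForSelector(req.Selector)
	}
	return false, ErrNoCondition
}

// waitFixed applies the boundary /evaluate already enforces: fn mode is refused
// before any code reaches the tab, while the non-code selector wait is untouched.
func waitFixed(ev Evaluator, cfg SecurityConfig, req WaitRequest) (bool, error) {
	if req.Fn != "" {
		if !cfg.AllowEvaluate {
			return false, ErrEvaluateDisabled
		}
		return ev.RunScript(req.Fn)
	}
	if req.Selector != "" {
		return ev.WaitForSelector(req.Selector)
	}
	return false, ErrNoCondition
}

// waitHandler maps the policy refusal to 403 so a proxy or audit log can tell a
// blocked fn wait (403) apart from a malformed request (400).
func waitHandler(ev Evaluator, cfg SecurityConfig) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		var req WaitRequest
		if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
			http.Error(w, "invalid JSON body", http.StatusBadRequest)
			return
		}
		ok, err := waitFixed(ev, cfg, req)
		switch {
		case errors.Is(err, ErrEvaluateDisabled):
			http.Error(w, err.Error(), http.StatusForbidden)
		case err != nil:
			http.Error(w, err.Error(), http.StatusBadRequest)
		default:
			w.Header().Set("Content-Type", "application/json")
			json.NewEncoder(w).Encode(map[string]bool{"ok": ok})
		}
	}
}

// recordingEvaluator is a constructed stand-in for the browser: it runs nothing and
// only records what the handler attempted to send to the tab.
type recordingEvaluator struct {
	Scripts   []string
	Selectors []string
}

func (r *recordingEvaluator) RunScript(expr string) (bool, error) {
	r.Scripts = append(r.Scripts, expr)
	return true, nil
}

func (r *recordingEvaluator) WaitForSelector(sel string) (bool, error) {
	r.Selectors = append(r.Selectors, sel)
	return true, nil
}
```

Returning 403 specifically for the policy refusal, rather than folding it into a generic 400, gives operators something to alert on: repeated 403s on /wait while allowEvaluate is off means a token holder is pushing on exactly the boundary this CVE bypassed.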

Affected Systems

The affected product is PinchTab by PinchTab, Inc. The problem exists only in the 0.8.3, 0.8.4, and 0.8.5 releases; newer builds are not affected, and a patched version has not yet been released as of the advisory date.

Risk and Exploitability

The CVSS score of 6.1 indicates medium severity. Because exploitation requires an authenticated API token, an attacker must first obtain valid credentials, which limits exposure to callers who already hold that token. The EPSS score is unavailable, and the vulnerability is not listed in the CISA KEV catalog, suggesting no widely known exploitation at present. Nonetheless, any caller who can authenticate to the PinchTab server could use this flaw to execute arbitrary code in the browser context, making it a significant threat to confidentiality and integrity for those users.

Generated by OpenCVE AI on March 26, 2026 at 22:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Confirm the PinchTab version; if you are on 0.8.3, 0.8.4, or 0.8.5, avoid using /wait and disable fn mode if possible.
  • Limit API access by ensuring only trusted personnel possess the server token and by network-segmenting the service so that only necessary systems can reach it.
  • Watch the advisories linked in the reference for a patched release, and upgrade PinchTab to a fixed version as soon as it becomes available.
  • If an upgrade cannot be performed immediately, monitor for signs of abuse and consider temporarily blocking the /wait endpoint or restricting POST to /wait via a firewall rule or proxy.


Advisories

Source: GitHub GHSA
ID: GHSA-w5pc-m664-r62v
Title: A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution
History

Fri, 27 Mar 2026 08:45:00 +0000

Type                 Values Removed   Values Added
First Time appeared  -                Pinchtab; Pinchtab pinchtab
Vendors & Products   -                Pinchtab; Pinchtab pinchtab

Thu, 26 Mar 2026 21:00:00 +0000

Type          Values Removed   Values Added
Description   -                (the advisory text shown under Description at the top of this page)
Title         -                A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution
Weaknesses    -                CWE-284, CWE-693, CWE-94
References    -
Metrics       -                cvssV4_0 {'score': 6.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:H/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-26T20:44:48.220Z

Reserved: 2026-03-23T14:24:11.617Z

Link: CVE-2026-33622

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-03-26T21:17:06.780

Modified: 2026-03-26T21:17:06.780

Link: CVE-2026-33622

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:23:26Z

Weaknesses