Description
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.8.4` contains a Windows-only command injection issue in the orphaned Chrome cleanup path. When an instance is stopped, the Windows cleanup routine builds a PowerShell `-Command` string using a `needle` derived from the profile path. In `v0.8.4`, that string interpolation escapes backslashes but does not safely neutralize other PowerShell metacharacters. If an attacker can launch an instance using a crafted profile name and then trigger the cleanup path, they may be able to execute arbitrary PowerShell commands on the Windows host in the security context of the PinchTab process user. This is not an unauthenticated internet RCE. It requires authenticated, administrative-equivalent API access to instance lifecycle endpoints, and the resulting command execution inherits the permissions of the PinchTab OS user rather than bypassing host privilege boundaries. Version 0.8.5 contains a patch for the issue.
Published: 2026-03-26
Score: 6.7 Medium
EPSS: n/a
KEV: No
Impact: Command Injection
Action: Patch Immediately
AI Analysis

Impact

The vulnerability is a Windows-only OS command injection in PinchTab v0.8.4, occurring in the orphaned Chrome cleanup routine. When an instance is stopped the cleanup routine builds a PowerShell command string that incorporates the profile path supplied by the attacker. The string interpolation escapes backslashes but leaves other PowerShell metacharacters unescaped, allowing an attacker with authenticated API access to craft a profile name that injects arbitrary PowerShell commands. Execution occurs under the Windows user account running PinchTab, so the attacker gains the privileges of that process but does not bypass host system boundaries.

Affected Systems

Affected systems are installations of PinchTab, a standalone HTTP server that controls a Chrome browser, version 0.8.4 running on Windows. The fix is included in version 0.8.5. No other versions were explicitly listed as affected. The vulnerability does not affect non-Windows platforms.

Risk and Exploitability

The CVSS score of 6.7 represents a medium risk level. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires an authenticated user with administrative-equivalent permissions to the instance lifecycle API and a Windows host. The attacker must create an instance with a specially crafted profile name, then stop the instance to trigger the cleanup path. Because the conditions are specific, the likelihood is limited, but if they are met, the attacker can run arbitrary PowerShell commands with the rights of the PinchTab process user.

Generated by OpenCVE AI on March 26, 2026 at 22:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to PinchTab v0.8.5 or later, where the command injection issue is fixed.
  • Restrict API access to instance lifecycle endpoints to trusted administrators only.
  • Validate or sanitize profile names before allowing instance creation, ensuring no PowerShell metacharacters can be injected.
  • Monitor PowerShell execution logs and Windows event logs for anomalous activity originating from the PinchTab user account.
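The description above explains the defect as a PowerShell `-Command` string built by interpolating a needle derived from the profile path, with backslashes escaped but other metacharacters left live, and the recommended actions ask for profile-name validation before instance creation. The following Go code is an added illustration of those two controls and is not PinchTab's own code (the project's language, package layout, allow-list limit of 64 characters, the `Get-CimInstance` query and the function names `ValidateProfileName`, `ProfilePath`, `psSingleQuote` and `BuildCleanupCommand` are all assumptions made for this example). It rejects names outside a strict allow-list at creation time and, as defence in depth, embeds the needle in the cleanup command only as a single-quoted PowerShell literal, which PowerShell never expands or evaluates.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// Allow-list for profile names: letters, digits, dot, dash and underscore
// only, so quotes, semicolons, `$(`, backticks, pipes and whitespace never
// reach the cleanup command at all. The 64-character limit is a constructed
// value for this example, not a PinchTab setting.
var profileNameRe = regexp.MustCompile(`^[A-Za-z0-9._-]{1,64}$`)

// ValidateProfileName is the check to run when an instance is created,
// before the name becomes part of a profile path.
func ValidateProfileName(name string) error {
	if !profileNameRe.MatchString(name) {
		return fmt.Errorf("profile name %q: only [A-Za-z0-9._-] allowed", name)
	}
	if name == "." || name == ".." {
		return errors.New("profile name must not be the path component . or ..")
	}
	return nil
}

// ProfilePath validates name and joins it under baseDir; the name can no
// longer escape baseDir or carry metacharacters once it has passed here.
func ProfilePath(baseDir, name string) (string, error) {
	if err := ValidateProfileName(name); err != nil {
		return "", err
	}
	return filepath.Join(baseDir, name), nil
}

// psSingleQuote wraps s in PowerShell single quotes. A single-quoted
// PowerShell literal performs no variable expansion, subexpression
// evaluation or backtick escaping; the only character that needs
// neutralising is the single quote itself, which is doubled. Backslashes
// are left untouched, so Windows paths survive unchanged.
func psSingleQuote(s string) string {
	return "'" + strings.ReplaceAll(s, "'", "''") + "'"
}

// BuildCleanupCommand returns the text to pass to `powershell -Command`
// for stopping Chrome processes whose command line contains needle (the
// profile directory). The needle is embedded only as a single-quoted
// literal and compared with .Contains(), so neither shell metacharacters
// nor wildcard characters in it are ever interpreted.
func BuildCleanupCommand(needle string) string {
	return "Get-CimInstance Win32_Process | Where-Object { " +
		"$_.Name -eq 'chrome.exe' -and $_.CommandLine -and $_.CommandLine.Contains(" +
		psSingleQuote(needle) +
		") } | ForEach-Object { Stop-Process -Id $_.ProcessId -Force }"
}

func main() {
	// Constructed inputs: one benign name and several that the allow-list rejects.
	for _, name := range []string{"agent-01", "agent 01", "a;b", "$(x)", "a'b", "..", ""} {
		fmt.Printf("%-12q -> %v\n", name, ValidateProfileName(name))
	}
	dir, err := ProfilePath(`C:\pinchtab\profiles`, "agent-01")
	if err != nil {
		panic(err)
	}
	fmt.Println(BuildCleanupCommand(dir))
}
```

The allow-list is the primary control: a name that cannot contain a quote, `;`, `$`, backtick or `|` cannot inject anything regardless of how the command is later assembled. The single-quoting in `BuildCleanupCommand` is there so that a future change to how profile paths are derived does not silently reintroduce the interpolation problem.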

Generated by OpenCVE AI on March 26, 2026 at 22:24 UTC.

Tracking


Advisories
Source: Github GHSA
ID: GHSA-p8mm-644p-phmh
Title: PinchTab: OS Command Injection via Profile Name in Windows Cleanup Routine Enables Arbitrary Command Execution
History

Fri, 27 Mar 2026 08:45:00 +0000

Type                  Values Removed    Values Added
First Time appeared                     Pinchtab; Pinchtab pinchtab
Vendors & Products                      Pinchtab; Pinchtab pinchtab

Thu, 26 Mar 2026 21:15:00 +0000

Type          Values Removed    Values Added
Description                     PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.8.4` contains a Windows-only command injection issue in the orphaned Chrome cleanup path. When an instance is stopped, the Windows cleanup routine builds a PowerShell `-Command` string using a `needle` derived from the profile path. In `v0.8.4`, that string interpolation escapes backslashes but does not safely neutralize other PowerShell metacharacters. If an attacker can launch an instance using a crafted profile name and then trigger the cleanup path, they may be able to execute arbitrary PowerShell commands on the Windows host in the security context of the PinchTab process user. This is not an unauthenticated internet RCE. It requires authenticated, administrative-equivalent API access to instance lifecycle endpoints, and the resulting command execution inherits the permissions of the PinchTab OS user rather than bypassing host privilege boundaries. Version 0.8.5 contains a patch for the issue.
Title                           PinchTab: OS Command Injection via Profile Name in Windows Cleanup Routine Enables Arbitrary Command Execution
Weaknesses                      CWE-400, CWE-78
References
Metrics                         cvssV3_1: {'score': 6.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-26T20:47:05.652Z

Reserved: 2026-03-23T14:24:11.617Z

Link: CVE-2026-33623

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-03-26T21:17:06.950

Modified: 2026-03-26T21:17:06.950

Link: CVE-2026-33623

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:23:25Z

Weaknesses