
Published: 6 March 2026 at 23:00:00

Alert date: 7 March 2026 at 17:02:49

Source: nvd.nist.gov


Web Technologies, Data Breach & Exfiltration

PinchTab is a standalone HTTP server that provides AI agents direct control over Chrome browsers. A Server-Side Request Forgery (SSRF) vulnerability was discovered in the /download endpoint prior to version 0.7.7. This vulnerability allows any user with API access to force the PinchTab server to make requests to arbitrary URLs. Attackers can target internal network services and local system files through this flaw. The vulnerability enables full response content exfiltration from targeted systems. The issue has been resolved in PinchTab version 0.7.7.
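
One way to validate a URL before a server-side fetch such as the /download request described above (an added example, not PinchTab's code or its 0.7.7 fix): allow only http and https, and refuse any host that resolves to a non-public address. The function names, the `SAMPLE_DNS` table and its hostnames and addresses are constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # excludes file:// and other local schemes
# Constructed DNS answers (hypothetical names) so the example runs offline.
SAMPLE_DNS = {"downloads.example": ["93.184.216.34"],
              "intranet.example": ["10.0.0.5"],
              "mixed.example": ["93.184.216.34", "127.0.0.1"]}


def system_resolve(host, port):  # every address the OS resolver returns
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]


def sample_resolve(host, port):  # offline stand-in backed by SAMPLE_DNS
    if host in SAMPLE_DNS:
        return SAMPLE_DNS[host]
    try:
        return [str(ipaddress.ip_address(host))]  # IP literal
    except ValueError:
        raise socket.gaierror("unknown host") from None


def check_download_url(url, resolve=system_resolve):
    """Return (allowed, reason) for a URL the server is asked to fetch."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on an out-of-range port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if not parts.hostname:
        return False, "missing host"
    try:
        addrs = resolve(parts.hostname, port or (443 if parts.scheme == "https" else 80))
    except OSError:
        addrs = []
    if not addrs:
        return False, "host does not resolve"
    for addr in addrs:
        ip = ipaddress.ip_address(addr.split("%")[0])  # strip IPv6 zone id
        mapped = getattr(ip, "ipv4_mapped", None)  # ::ffff:a.b.c.d form
        ip = mapped if mapped is not None else ip
        if not ip.is_global:  # loopback, private, link-local, reserved
            return False, "non-public address"
    return True, "ok"
```

The check only holds if it is repeated for every redirect hop and the fetch connects to the address that was checked rather than resolving the name a second time.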


Affected products: PinchTab


This article was created with the assistance of AI technology by Perceptive.
