{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33081", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-17T19:27:06.345Z", "datePublished": "2026-03-20T09:05:01.753Z", "dateUpdated": "2026-03-20T21:20:23.968Z"}, "containers": {"cna": {"title": "PinchTab has Blind SSRF via browser-side redirect bypass in /download URL validation", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/pinchtab/pinchtab/security/advisories/GHSA-qwxp-6qf9-wr4m", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pinchtab/pinchtab/security/advisories/GHSA-qwxp-6qf9-wr4m"}, {"name": "https://github.com/pinchtab/pinchtab/releases/tag/v0.8.3", "tags": ["x_refsource_MISC"], "url": "https://github.com/pinchtab/pinchtab/releases/tag/v0.8.3"}], "affected": [{"vendor": "pinchtab", "product": "pinchtab", "versions": [{"version": "< 0.8.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T09:05:01.753Z"}, "descriptions": [{"lang": "en", "value": "PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Versions 0.8.2 and below have a Blind SSRF vulnerability in the /download endpoint. The validateDownloadURL() function only checks the initial user-supplied URL, but the embedded Chromium browser can follow attacker-controlled redirects/navigations to internal network addresses after validation. Exploitation requires security.allowDownload=true (disabled by default), limiting real-world impact. An attacker-controlled page can use JavaScript redirects or resource requests to make the browser reach internal services from the PinchTab host, resulting in a blind Server-Side Request Forgery (SSRF) condition against internal-only services. The issue has been patched in version 0.8.3."}], "source": {"advisory": "GHSA-qwxp-6qf9-wr4m", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-20T21:20:01.575679Z", "id": "CVE-2026-33081", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T21:20:23.968Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33081", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-20T21:20:01.575679Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T21:20:19.630Z"}}], "cna": {"title": "PinchTab has Blind SSRF via browser-side redirect bypass in /download URL validation", "source": {"advisory": "GHSA-qwxp-6qf9-wr4m", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "pinchtab", "product": "pinchtab", "versions": [{"status": "affected", "version": "< 0.8.3"}]}], "references": [{"url": "https://github.com/pinchtab/pinchtab/security/advisories/GHSA-qwxp-6qf9-wr4m", "name": "https://github.com/pinchtab/pinchtab/security/advisories/GHSA-qwxp-6qf9-wr4m", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/pinchtab/pinchtab/releases/tag/v0.8.3", "name": "https://github.com/pinchtab/pinchtab/releases/tag/v0.8.3", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Versions 0.8.2 and below have a Blind SSRF vulnerability in the /download endpoint. The validateDownloadURL() function only checks the initial user-supplied URL, but the embedded Chromium browser can follow attacker-controlled redirects/navigations to internal network addresses after validation. Exploitation requires security.allowDownload=true (disabled by default), limiting real-world impact. An attacker-controlled page can use JavaScript redirects or resource requests to make the browser reach internal services from the PinchTab host, resulting in a blind Server-Side Request Forgery (SSRF) condition against internal-only services. The issue has been patched in version 0.8.3."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T09:05:01.753Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33081", "state": "PUBLISHED", "dateUpdated": "2026-03-20T21:20:23.968Z", "dateReserved": "2026-03-17T19:27:06.345Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-20T09:05:01.753Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pinchtab:pinchtab:*:*:*:*:*:*:*:*", "matchCriteriaId": "63D21759-CFD7-4440-9168-BB9449092B6E", "versionEndExcluding": "0.8.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Versions 0.8.2 and below have a Blind SSRF vulnerability in the /download endpoint. The validateDownloadURL() function only checks the initial user-supplied URL, but the embedded Chromium browser can follow attacker-controlled redirects/navigations to internal network addresses after validation. Exploitation requires security.allowDownload=true (disabled by default), limiting real-world impact. An attacker-controlled page can use JavaScript redirects or resource requests to make the browser reach internal services from the PinchTab host, resulting in a blind Server-Side Request Forgery (SSRF) condition against internal-only services. The issue has been patched in version 0.8.3."}, {"lang": "es", "value": "PinchTab es un servidor HTTP independiente que otorga a los agentes de IA control directo sobre un navegador Chrome. Las versiones 0.8.2 e inferiores tienen una vulnerabilidad SSRF ciega en el endpoint /download. La funci\u00f3n validateDownloadURL() solo verifica la URL inicial proporcionada por el usuario, pero el navegador Chromium incrustado puede seguir redirecciones/navegaciones controladas por el atacante a direcciones de red internas despu\u00e9s de la validaci\u00f3n. La explotaci\u00f3n requiere security.allowDownload=true (deshabilitado por defecto), lo que limita el impacto en el mundo real. Una p\u00e1gina controlada por el atacante puede usar redirecciones de JavaScript o solicitudes de recursos para hacer que el navegador alcance servicios internos desde el host de PinchTab, lo que resulta en una condici\u00f3n de falsificaci\u00f3n de petici\u00f3n del lado del servidor (SSRF) ciega contra servicios solo internos. El problema ha sido parcheado en la versi\u00f3n 0.8.3."}], "id": "CVE-2026-33081", "lastModified": "2026-03-23T15:46:32.153", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-20T10:16:18.563", "references": [{"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/pinchtab/pinchtab/releases/tag/v0.8.3"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/pinchtab/pinchtab/security/advisories/GHSA-qwxp-6qf9-wr4m"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.8.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "pinchtab", "source": "cna", "vendor": "pinchtab"}, "product": "pinchtab", "vendor": "pinchtab"}], "analysis": {"en": {"generated_at": "2026-03-23T17:37:28.007014+00:00", "value": {"mitigation_remediation": ["Upgrade PinchTab to version 0.8.3 or later", "Ensure the security.allowDownload setting remains disabled if upgrade is not possible", "Restrict access to the /download endpoint to trusted users or networks", "Monitor logs for unusual /download activity and internal network requests"], "summary": {"action": "Immediate Patch", "impact": "Blind SSRF to internal services"}, "threat_synthesis": {"affected_systems": "PinchTab, released by the vendor PinchTab, is impacted. Versions 0.8.2 and earlier contain the issue; the problem was resolved in release 0.8.3. Only systems running the vulnerable releases with the security.allowDownload setting enabled are at risk.", "description_and_impact": "The vulnerability permits a blind server\u2011side request forgery against internal network services; the attacker supplies an initial URL to the /download endpoint, which is validated, but the embedded Chromium browser follows redirects to internal addresses after validation. The result is an internal request without the attacker seeing the response. The affected component is the validateDownloadURL() function. This flaw allows an attacker to cause the server host to reach services that are otherwise isolated, potentially revealing sensitive data or enabling lateral movement, though the effect is limited because the feature is controlled by the security.allowDownload flag, which is disabled by default.", "risk_and_exploitability": "The CVSS base score is 5.8, indicating moderate severity. The EPSS score is below 1\u202f%, and it is not listed in the CISA KEV catalog, signaling low likelihood of exploitation in the wild. However, because the attacker can force the browser to hit internal\u2011only endpoints through redirects, the risk is real for environments that enable the download feature. Exploitability requires that an attacker can serve a crafted page that triggers the download endpoint, which may be possible if the server exposes that endpoint to untrusted users or if the attacker can influence a user inside the network."}}}}, "created": "2026-03-20T10:36:28.530874+00:00", "updated": "2026-03-25T14:29:44.162461+00:00", "vendors": ["pinchtab", "pinchtab$PRODUCT$pinchtab"]}