CVE-2026-33621
CVE-2026-33621 is a medium-severity vulnerability in Pinchtab with a CVSS 3.x base score of 4.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-290.
Key facts
- Severity: Medium (CVSS 3.x base score 4.8)
- EPSS exploit prediction: 0% (23rd percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2026-16403
- Weakness: CWE-290
- Affected product: Pinchtab
- Published:
- Last modified:
Description
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.7.7` through `v0.8.4` contain incomplete request-throttling protections for auth-checkable endpoints. In `v0.7.7` through `v0.8.3`, a fully implemented `RateLimitMiddleware` existed in `internal/handlers/middleware.go` but was not inserted into the production HTTP handler chain, so requests were not subject to the intended per-IP throttle. In the same pre-`v0.8.4` range, the original limiter also keyed clients using `X-Forwarded-For`, which would have allowed client-controlled header spoofing if the middleware had been enabled. `v0.8.4` addressed those two issues by wiring the limiter into the live handler chain and switching the key to the immediate peer IP, but it still exempted `/health` and `/metrics` from rate limiting even though `/health` remained an auth-checkable endpoint when a token was configured. This issue weakens defense in depth for deployments where an attacker can reach the API, especially if a weak human-chosen token is used. It is not a direct authentication bypass or token disclosure issue by itself. PinchTab is documented as local-first by default and uses `127.0.0.1` plus a generated random token in the recommended setup. PinchTab's default deployment model is a local-first, user-controlled environment between the user and their agents; wider exposure is an intentional operator choice. This lowers practical risk in the default configuration, even though it does not by itself change the intrinsic base characteristics of the bug. This was fully addressed in `v0.8.5` by applying `RateLimitMiddleware` in the production handler chain, deriving the client address from the immediate peer IP instead of trusting forwarded headers by default, and removing the `/health` and `/metrics` exemption so auth-checkable endpoints are throttled as well.
Frequently asked questions
- What is CVE-2026-33621?
- PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.7.7` through `v0.8.4` contain incomplete request-throttling protections for auth-checkable endpoints. In `v0.7.7` through `v0.8.3`, a fully implemented `RateLimitMiddleware` existed in `internal/handlers/middleware.go` but was not inserted into the production HTTP handler chain, so requests were not subject to the intended per-IP throttle. In the same pre-`v0.8.4` range, the original limiter also keyed clients using `X-Forwarded-For`, which would have allowed client-controlled header spoofing if the middleware had been enabled. `v0.8.4` addressed those two issues by wiring the limiter into the live handler chain and switching the key to the immediate peer IP, but it still exempted `/health` and `/metrics` from rate limiting even though `/health` remained an auth-checkable endpoint when a token was configured. This issue weakens defense in depth for deployments where an attacker can reach the API, especially if a weak human-chosen token is used. It is not a direct authentication bypass or token disclosure issue by itself. PinchTab is documented as local-first by default and uses `127.0.0.1` plus a generated random token in the recommended setup. PinchTab's default deployment model is a local-first, user-controlled environment between the user and their agents; wider exposure is an intentional operator choice. This lowers practical risk in the default configuration, even though it does not by itself change the intrinsic base characteristics of the bug. This was fully addressed in `v0.8.5` by applying `RateLimitMiddleware` in the production handler chain, deriving the client address from the immediate peer IP instead of trusting forwarded headers by default, and removing the `/health` and `/metrics` exemption so auth-checkable endpoints are throttled as well.
- How severe is CVE-2026-33621?
- CVE-2026-33621 has a CVSS 3.x base score of 4.8, rated medium severity. It is exploitable over network with high attack complexity, requires no privileges and no user interaction. Impact on confidentiality is low, integrity low, and availability none.
- Is CVE-2026-33621 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (23rd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2026-33621?
- CVE-2026-33621 affects Pinchtab. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2026-33621?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2026-33621 have an EU (EUVD) identifier?
- Yes. CVE-2026-33621 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-16403.
- When was CVE-2026-33621 published?
- CVE-2026-33621 was published on 2026-03-26 and last updated on 2026-06-17.
References
- https://github.com/pinchtab/pinchtab/commit/c619c43a4f29d1d1a481e859c193baf78e0d648b
- https://github.com/pinchtab/pinchtab/releases/tag/v0.8.4
- https://github.com/pinchtab/pinchtab/security/advisories/GHSA-j65m-hv65-r264
Affected products (1)
- cpe:2.3:a:pinchtab:pinchtab:*:*:*:*:*:*:*:*
More vulnerabilities in Pinchtab
- CVE-2026-33622 — High (CVSS 8.8): PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.8.3`…
- CVE-2026-30834 — High (CVSS 7.5): PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Prior to version 0.7.7,…
- CVE-2026-33623 — Medium (CVSS 6.7): PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.8.4`…
- CVE-2026-33081 — Medium (CVSS 5.8): PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Versions 0.8.2 and…
- CVE-2026-33620 — Medium (CVSS 4.3): PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.7.8`…
- CVE-2026-33619 — Medium (CVSS 4.1): PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.3…
Other CWE-290 vulnerabilities
- CVE-2026-54782 — Critical (CVSS 10.0): CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1,…
- CVE-2026-48567 — Critical (CVSS 10.0): Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a…
- CVE-2026-6213 — Critical (CVSS 10.0): A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypasses the local connection check…
- CVE-2026-39858 — Critical (CVSS 10.0): Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high…
- CVE-2025-66570 — Critical (CVSS 10.0): cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability…
- CVE-2025-34063 — Critical (CVSS 10.0): A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure…