PT-2026-27630 · Pinchtab+1

Yesuhei · Published 2026-03-24 · Updated 2026-03-27 · CVE-2026-33623

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: PinchTab versions prior to 0.8.5

Description: PinchTab, a standalone HTTP server for controlling a Chrome browser with AI agents, contains a Windows-only command injection issue within the orphaned Chrome cleanup path. The issue arises because the software builds a PowerShell -Command string using a needle derived from the profile path, escaping backslashes but failing to neutralize other PowerShell metacharacters. An attacker who can launch an instance with a crafted profile name and then trigger the cleanup path may be able to execute arbitrary PowerShell commands on the Windows host in the security context of the PinchTab process user. This requires authenticated, administrative-equivalent API access to instance lifecycle endpoints. The vulnerable code is located in internal/bridge/cleanup windows.go. The attack path involves using the POST /instances/launch and POST /instances/{id}/stop API endpoints. The needle value is derived from the instance/profile name used during launch.

Recommendations: Versions prior to 0.8.5 should be updated to version 0.8.5 or later. Do not interpolate user-influenced values into PowerShell -Command strings. Pass search terms through environment variables or structured arguments instead of code generation. Keep strict validation on profile names. Add regression tests covering PowerShell metacharacters in profile-derived values on Windows.
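The weak pattern and the recommended fix side by side, as an added Go example that is not PinchTab's code: the Where-Object query, the allow-list regex and the PINCHTAB_NEEDLE variable name are assumptions, and only the string construction mirrors what the advisory describes. The hardened builder constructs the command without running it, so it compiles and tests on any OS.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"regexp"
	"strings"
)

// vulnerableCommand reproduces the pattern the advisory describes (a
// hypothetical reconstruction, not PinchTab's source): the profile-derived
// needle is interpolated into the -Command text after escaping backslashes
// only, so quotes, semicolons and $( ) in the name reach PowerShell as code.
func vulnerableCommand(needle string) string {
	escaped := strings.ReplaceAll(needle, `\`, `\\`)
	return fmt.Sprintf(`Get-CimInstance Win32_Process | Where-Object { $_.CommandLine -like "*%s*" }`, escaped)
}

// profileNameOK is a strict allow-list for profile names (assumed policy).
var profileNameOK = regexp.MustCompile(`^[A-Za-z0-9._-]{1,64}$`)

// hardenedCommand follows the recommendation: validate the name, then hand
// the needle to PowerShell through an environment variable so the script
// text is a fixed constant and the value is never parsed as code. The
// variable name PINCHTAB_NEEDLE is an assumption.
func hardenedCommand(needle string) (*exec.Cmd, error) {
	if !profileNameOK.MatchString(needle) {
		return nil, fmt.Errorf("rejected profile name %q", needle)
	}
	const script = `Get-CimInstance Win32_Process | Where-Object { $_.CommandLine -like ("*" + $env:PINCHTAB_NEEDLE + "*") }`
	cmd := exec.Command("powershell.exe", "-NoProfile", "-NonInteractive", "-Command", script)
	cmd.Env = append(os.Environ(), "PINCHTAB_NEEDLE="+needle)
	return cmd, nil
}

func main() {
	bad := `demo";x` // constructed name carrying PowerShell metacharacters
	fmt.Println("vulnerable:", vulnerableCommand(bad))
	if _, err := hardenedCommand(bad); err != nil {
		fmt.Println("hardened:", err)
	}
	if cmd, err := hardenedCommand("demo-profile"); err == nil {
		fmt.Println("hardened args:", cmd.Args)
	}
}
```

The regression test the advisory asks for is the comparison above: feed names with PowerShell metacharacters through both builders and assert the needle never appears in the generated command text.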

Exploit

Fix

Weakness Enumeration

Resource Exhaustion
OS Command Injection

Related identifiers

CVE-2026-33623
GHSA-P8MM-644P-PHMH
GO-2026-4823
SUSE-SU-2026:1135-1

Affected products

Google Chrome
Pinchtab