PT-2026-26190 · Google · Google Chrome

Yesuhei

Published 2026-03-18 · Updated 2026-03-27

CVE-2026-33081

CVSS v3.1: 5.8 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Affected software and versions: PinchTab versions 0.8.2 and below

Description: PinchTab, a standalone HTTP server that gives AI agents control over a Chrome browser, contains a blind Server-Side Request Forgery (SSRF) condition in the '/download' endpoint. The validateDownloadURL() function validates only the initial URL supplied by the user, in order to prevent requests to internal or private network addresses; it is not applied to the request targets the browser subsequently issues. After that initial check, the embedded Chromium browser can follow attacker-controlled redirects and navigations to internal network addresses. An attacker-controlled page can use JavaScript redirects or resource requests to make the browser reach internal services from the PinchTab host, which bypasses the /download URL validation and results in a blind SSRF against internal-only services, potentially interacting with sensitive services or cloud metadata endpoints. Exploitation requires security.allowDownload=true to be enabled, which is disabled by default, limiting real-world impact.

Recommendations (for versions prior to 0.8.3): Apply the same URL safety policy to every browser-issued request in the /download flow, not only the initial user-supplied URL, and block requests to loopback, private, link-local, and other non-public network ranges inside the Chromium browser context.
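As an added illustration of that recommendation (example code, not PinchTab's own; the hostnames are constructed and the injected resolve function stands in for DNS), a Go policy check that is applied to every hop of a navigation chain rather than only to the initial URL:

```go
package main

import (
	"fmt"
	"net/netip"
	"net/url"
)

// Shared address space (100.64.0.0/10); netip.Addr.IsPrivate does not cover it.
var cgnat = netip.MustParsePrefix("100.64.0.0/10")

// isNonPublic reports whether an address is loopback, private, link-local, CGNAT or unspecified.
func isNonPublic(a netip.Addr) bool {
	a = a.Unmap() // treat ::ffff:127.0.0.1 the same as 127.0.0.1
	return a.IsLoopback() || a.IsPrivate() || a.IsLinkLocalUnicast() ||
		a.IsUnspecified() || cgnat.Contains(a)
}
// allowRequest applies the policy to one request target; resolve is injected so tests run offline.
func allowRequest(raw string, resolve func(string) ([]netip.Addr, error)) error {
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	host := u.Hostname()
	var addrs []netip.Addr
	if a, err := netip.ParseAddr(host); err == nil {
		addrs = []netip.Addr{a} // IP literal: no lookup needed
	} else if addrs, err = resolve(host); err != nil {
		return err // unresolvable hosts fail closed
	}
	for _, a := range addrs {
		if isNonPublic(a) {
			return fmt.Errorf("%s resolves to non-public address %s", host, a)
		}
	}
	return nil
}
// checkChain applies the policy to the initial URL and to every redirect or sub-resource
// target after it, as the fix above requires; it returns the first rejected hop.
func checkChain(chain []string, resolve func(string) ([]netip.Addr, error)) (string, error) {
	for _, raw := range chain {
		if err := allowRequest(raw, resolve); err != nil {
			return raw, err
		}
	}
	return "", nil
}
```

In a real deployment the equivalent of allowRequest would run inside the browser's request interception hook, so that a redirect issued after the initial validation is checked before Chromium connects to it.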

Exploit

Fix

SSRF


Weakness Enumeration

Related identifiers

CVE-2026-33081
GHSA-QWXP-6QF9-WR4M
GO-2026-4748
SUSE-SU-2026:1135-1

Affected products

Google Chrome
Chromium
Pinchtab