{"url":"http://public2.vulnerablecode.io/api/packages/374934?format=json","purl":"pkg:golang/github.com/pinchtab/pinchtab@0.8.4","type":"golang","namespace":"github.com/pinchtab","name":"pinchtab","version":"0.8.4","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"0.8.5","latest_non_vulnerable_version":"0.8.5","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78335?format=json","vulnerability_id":"VCID-arar-m5vy-h3fa","summary":"PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.3 contains a server-side request forgery issue in the optional scheduler's webhook delivery path. When a task is submitted to `POST /tasks` with a user-controlled `callbackUrl`, the v0.8.3 scheduler sends an outbound HTTP `POST` to that URL when the task reaches a terminal state. In that release, the webhook path validated only the URL scheme and did not reject loopback, private, link-local, or other non-public destinations. Because the v0.8.3 implementation also used the default HTTP client behavior, redirects were followed and the destination was not pinned to validated IPs. This allowed blind SSRF from the PinchTab server to attacker-chosen HTTP(S) targets reachable from the server. This issue is narrower than a general unauthenticated internet-facing SSRF. The scheduler is optional and off by default, and in token-protected deployments the attacker must already be able to submit tasks using the server's master API token. In PinchTab's intended deployment model, that token represents administrative control rather than a low-privilege role. Tokenless deployments lower the barrier further, but that is a separate insecure configuration state rather than impact created by the webhook bug itself. PinchTab's default deployment model is local-first and user-controlled, with loopback bind and token-based access in the recommended setup. That lowers practical risk in default use, even though it does not remove the underlying webhook issue when the scheduler is enabled and reachable. This was addressed in v0.8.4 by validating callback targets before dispatch, rejecting non-public IP ranges, pinning delivery to validated IPs, disabling redirect following, and validating `callbackUrl` during task submission.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33619","reference_id":"","reference_type":"","scores":[{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20766","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.2094","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20942","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20962","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33619"},{"reference_url":"https://github.com/pinchtab/pinchtab","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pinchtab/pinchtab"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33619","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33619"},{"reference_url":"https://github.com/pinchtab/pinchtab/commit/c824574c3a05073dec2f5e9c219e22ffff8de445","reference_id":"c824574c3a05073dec2f5e9c219e22ffff8de445","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:34:33Z/"}],"url":"https://github.com/pinchtab/pinchtab/commit/c824574c3a05073dec2f5e9c219e22ffff8de445"},{"reference_url":"https://github.com/pinchtab/pinchtab/security/advisories/GHSA-xqq2-4j46-vwp7","reference_id":"GHSA-xqq2-4j46-vwp7","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:34:33Z/"}],"url":"https://github.com/pinchtab/pinchtab/security/advisories/GHSA-xqq2-4j46-vwp7"},{"reference_url":"https://github.com/pinchtab/pinchtab/releases/tag/v0.8.4","reference_id":"v0.8.4","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:34:33Z/"}],"url":"https://github.com/pinchtab/pinchtab/releases/tag/v0.8.4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374934?format=json","purl":"pkg:golang/github.com/pinchtab/pinchtab@0.8.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/pinchtab/pinchtab@0.8.4"}],"aliases":["CVE-2026-33619","GHSA-xqq2-4j46-vwp7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-arar-m5vy-h3fa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78200?format=json","vulnerability_id":"VCID-hbp6-k7jx-xkc6","summary":"PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.7.8` through `v0.8.3` accepted the API token from a `token` URL query parameter in addition to the `Authorization` header. When a valid API credential is sent in the URL, it can be exposed through request URIs recorded by intermediaries or client-side tooling, such as reverse proxy access logs, browser history, shell history, clipboard history, and tracing systems that capture full URLs. This issue is an unsafe credential transport pattern rather than a direct authentication bypass. It only affects deployments where a token is configured and a client actually uses the query-parameter form. PinchTab's security guidance already recommended `Authorization: Bearer <token>`, but `v0.8.3` still accepted `?token=` and included first-party flows that generated and consumed URLs containing the token. This was addressed in v0.8.4 by removing query-string token authentication and requiring safer header- or session-based authentication flows.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33620","reference_id":"","reference_type":"","scores":[{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25943","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25941","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25744","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25959","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33620"},{"reference_url":"https://github.com/pinchtab/pinchtab","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pinchtab/pinchtab"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33620","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33620"},{"reference_url":"https://github.com/pinchtab/pinchtab/security/advisories/GHSA-mrqc-3276-74f8","reference_id":"GHSA-mrqc-3276-74f8","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T14:43:41Z/"}],"url":"https://github.com/pinchtab/pinchtab/security/advisories/GHSA-mrqc-3276-74f8"},{"reference_url":"https://github.com/pinchtab/pinchtab/releases/tag/v0.8.4","reference_id":"v0.8.4","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T14:43:41Z/"}],"url":"https://github.com/pinchtab/pinchtab/releases/tag/v0.8.4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374934?format=json","purl":"pkg:golang/github.com/pinchtab/pinchtab@0.8.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/pinchtab/pinchtab@0.8.4"}],"aliases":["CVE-2026-33620","GHSA-mrqc-3276-74f8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hbp6-k7jx-xkc6"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/pinchtab/pinchtab@0.8.4"}