CVE-2026-30834

Exploit

EPSS 0.02%
Veröffentlicht 07.03.2026 15:36:30
Zuletzt bearbeitet 11.03.2026 20:30:51
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Prior to version 0.7.7, a Server-Side Request Forgery (SSRF) vulnerability in the /download endpoint allows any user with API access to induce the PinchTab server to make requests to arbitrary URLs, including internal network services and local system files, and exfiltrate the full response content. This issue has been patched in version 0.7.7.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pinchtab ≫ Pinchtab Version < 0.7.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.029

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://github.com/pinchtab/pinchtab/security/advisories/GHSA-rw8p-c6hf-q3pg

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2026-30834

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-30834

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-30834

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-30834