CVE-2026-33081 MEDIUM

CVE-2026-33081: PinchTab has Blind SSRF via browser-side redirect bypass in /download URL validation

Vendor Pinchtab
Product pinchtab
Weakness CWE-918 · SSRF
Published March 20, 2026
Last update March 20, 2026
View on NVD All CVEs

CVSS base score

5.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

What the vulnerability does

01Description

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Versions 0.8.2 and below have a Blind SSRF vulnerability in the /download endpoint. The validateDownloadURL() function only checks the initial user-supplied URL, but the embedded Chromium browser can follow attacker-controlled redirects/navigations to internal network addresses after validation. Exploitation requires security.allowDownload=true (disabled by default), limiting real-world impact. An attacker-controlled page can use JavaScript redirects or resource requests to make the browser reach internal services from the PinchTab host, resulting in a blind Server-Side Request Forgery (SSRF) condition against internal-only services. The issue has been patched in version 0.8.3.

Key dates

02Disclosure timeline

March 20, 2026 CVE published
March 20, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-25557 Server-Side Request Forgery in DataHub CVE-2026-32591 Mirror-registry: quay: server-side request forgery in proxy cache upstream registry configuration CVE-2025-53241 WordPress Simplified plugin <= 1.0.11 - Server Side Request Forgery (SSRF) vulnerability CVE-2024-34351 Next.js Server-Side Request Forgery in Server Actions CVE-2025-64525 Astro: URL manipulation via unsanitized headers leads to path-based middleware protections bypass, potential SSRF/cache-poisoning, CVE-2025-61925 bypass