CVE-2026-30834
Published: 07 March 2026
Summary
CVE-2026-30834 is a high-severity SSRF (CWE-918) vulnerability in PinchTab. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 6.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related: it is categorised under AI Agent Protocols and Integrations, in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SC-7 (Boundary Protection).
Deeper analysis
CVE-2026-30834 is a Server-Side Request Forgery (SSRF) vulnerability, classified under CWE-918, affecting PinchTab versions prior to 0.7.7. PinchTab is a standalone HTTP server designed to provide AI agents with direct control over a Chrome browser. The flaw resides in the /download endpoint, which fails to properly validate user-supplied URLs, enabling SSRF attacks. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), reflecting high confidentiality impact with no requirements for authentication, user interaction, or privileges.
Any remote attacker with API access to a vulnerable PinchTab instance can exploit this issue by sending crafted requests to the /download endpoint. This allows the attacker to force the server to issue HTTP requests to arbitrary destinations, such as internal network services or local system files via protocols like file://, and retrieve the full response content for exfiltration. Successful exploitation could lead to unauthorized access to sensitive internal resources without impacting integrity or availability.
The vulnerability has been addressed in PinchTab version 0.7.7, as detailed in the GitHub security advisory at https://github.com/pinchtab/pinchtab/security/advisories/GHSA-rw8p-c6hf-q3pg. Security practitioners should upgrade to the patched version and review API access controls to mitigate risks, particularly in environments where AI agents interact with browser automation tools.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-10167
Vulnerability details
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Prior to version 0.7.7, a Server-Side Request Forgery (SSRF) vulnerability in the /download endpoint allows any user with API access to induce the PinchTab server to make requests to arbitrary URLs, including internal network services and local system files, and exfiltrate the full response content. This issue has been patched in version 0.7.7.
AI Security Analysis
- AI Category: AI Agent Protocols and Integrations
- Risk Domain: Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
SSRF in public /download endpoint directly enables T1190 (exploit public-facing app with no auth). Allows file:// retrieval of local files (T1005) and forced requests to internal IPs/services for remote system/service discovery (T1018, T1046).
Mitigating Controls (NIST 800-53 r5)
- URL validation: validate user-supplied URLs in the /download endpoint so that arbitrary internal, local, or file:// requests that enable SSRF are refused.
- SC-7 (Boundary Protection): restrict the PinchTab server's outbound connections to authorized external destinations only, preventing access to internal network services and local files.
- AC-4 (Information Flow Enforcement): apply information flow policies that prohibit the server from initiating requests to internal or local resources based on untrusted user input.
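To make the URL-validation control concrete, the following is an added Python example (not PinchTab's own code, and not taken from the advisory) of the check a download endpoint can run before fetching anything: it allows only http(s) so file:// is refused, rejects credentials in the URL, resolves the host and rejects any address that is loopback, private, link-local or otherwise non-global. SAMPLE_DNS, table_resolver, files.example, metadata.internal and split.example are constructed stand-ins so the example runs offline.

```python
import ipaddress
import socket
from typing import Callable, Iterable, Optional
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumed policy: http(s) only, so file:// is refused

# Constructed DNS table so the example runs offline; production code would pass a
# resolver built on socket.getaddrinfo that returns every A and AAAA record.
SAMPLE_DNS = {"files.example": ["93.184.216.34"], "localhost": ["127.0.0.1"],
              "metadata.internal": ["169.254.169.254"],
              "split.example": ["93.184.216.34", "10.0.0.5"]}  # public + private

def table_resolver(host: str) -> Iterable[str]:
    """Resolve against SAMPLE_DNS; IP literals resolve to themselves."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        if host not in SAMPLE_DNS:
            raise socket.gaierror(f"no such host: {host}")
        return SAMPLE_DNS[host]

def is_public_address(addr: str) -> bool:
    """Globally routable unicast only: rejects loopback, RFC 1918, link-local
    (169.254/16, where cloud metadata lives), unspecified, reserved and multicast."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:127.0.0.1 as 127.0.0.1
    return ip.is_global and not ip.is_multicast

def validate_download_url(url: str, resolver: Callable[[str], Iterable[str]]) -> Optional[str]:
    """Return None if the URL may be fetched, else the rejection reason.
    Resolve-then-check also covers obfuscated literals (decimal/octal IPs) that a
    real resolver decodes. Callers must connect to the checked address rather than
    re-resolve it (DNS rebinding) and must re-run this check on every redirect hop."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return f"scheme not allowed: {parts.scheme or '(none)'}"
    if not parts.hostname:
        return "missing host"
    if parts.username is not None or parts.password is not None:
        return "credentials in URL not allowed"
    try:
        addrs = list(resolver(parts.hostname))
    except socket.gaierror:
        return "host does not resolve"
    for addr in addrs:
        if not is_public_address(addr):
            return f"host resolves to non-public address {addr}"
    return None if addrs else "host does not resolve"
```

A host that resolves to a mix of public and private addresses (split.example above) is rejected outright, since a fetch library may pick either one.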