Cyber Resilience

CVE-2026-30834

Severity: High · Public PoC

Published: 07 March 2026
Modified: 11 March 2026
KEV Added: not listed
Patch: fixed in 0.7.7
CVSS v3.1 score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS score: 0.0002 (6.0th percentile)
Risk priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-30834 is a high-severity SSRF (CWE-918) vulnerability in PinchTab (vendor Pinchtab). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 6.0th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

This vulnerability is AI-related: it is categorised under AI Agent Protocols and Integrations, in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2026-30834 is a Server-Side Request Forgery (SSRF) vulnerability, classified under CWE-918, affecting PinchTab versions prior to 0.7.7. PinchTab is a standalone HTTP server designed to provide AI agents with direct control over a Chrome browser. The flaw resides in the /download endpoint, which fails to properly validate user-supplied URLs, enabling SSRF attacks. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), reflecting high confidentiality impact with no requirements for authentication, user interaction, or privileges.

Any remote attacker with API access to a vulnerable PinchTab instance can exploit this issue by sending crafted requests to the /download endpoint. This allows the attacker to force the server to issue HTTP requests to arbitrary destinations, such as internal network services or local system files via protocols like file://, and retrieve the full response content for exfiltration. Successful exploitation could lead to unauthorized access to sensitive internal resources without impacting integrity or availability.

The vulnerability has been addressed in PinchTab version 0.7.7, as detailed in the GitHub security advisory at https://github.com/pinchtab/pinchtab/security/advisories/GHSA-rw8p-c6hf-q3pg. Security practitioners should upgrade to the patched version and review API access controls to mitigate risks, particularly in environments where AI agents interact with browser automation tools.


Vulnerability details

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Prior to version 0.7.7, a Server-Side Request Forgery (SSRF) vulnerability in the /download endpoint allows any user with API access to induce the PinchTab server to make requests to arbitrary URLs, including internal network services and local system files, and exfiltrate the full response content. This issue has been patched in version 0.7.7.

CWE(s)

CWE-918 Server-Side Request Forgery (SSRF)

AI Security Analysis

AI Category: AI Agent Protocols and Integrations
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: ai

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1018 Remote System Discovery (Discovery)
Adversaries may attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a network that may be used for Lateral Movement from the current system.
T1046 Network Service Discovery (Discovery)
Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.
Why these techniques?

An SSRF in the public /download endpoint directly enables T1190 (exploitation of a public-facing application with no authentication). It allows file:// retrieval of local files (T1005) and forced requests to internal IPs and services for remote system and service discovery (T1018, T1046).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-33623 (same product: Pinchtab PinchTab)
CVE-2026-33622 (same product: Pinchtab PinchTab)
CVE-2026-41271 (shared CWE-918)
CVE-2026-35486 (shared CWE-918)
CVE-2026-30858 (shared CWE-918)
CVE-2026-28451 (shared CWE-918)
CVE-2026-4231 (shared CWE-918)
CVE-2026-34576 (shared CWE-918)
CVE-2026-30247 (shared CWE-918)
CVE-2026-27488 (shared CWE-918)

Affected Assets

Vendor: pinchtab
Product: pinchtab
Versions: ≤ 0.7.7

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

Prevent (input validation): Directly validates user-supplied URLs in the /download endpoint to block arbitrary internal, local, or file:// requests that enable SSRF.

Prevent (SC-7 Boundary Protection): Enforces boundary protections to restrict the PinchTab server's outbound connections to only authorized external destinations, preventing access to internal network services and local files.

Prevent (AC-4 Information Flow Enforcement): Applies information flow policies to prohibit the server from initiating unauthorized requests to internal or local resources based on untrusted user input.
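As an added defensive example (not PinchTab's code and not from the advisory): a URL check of the kind the validation control above describes for a download endpoint like the one in the deeper analysis. It refuses non-http(s) schemes such as file://, loopback, link-local, private and IPv4-mapped IP literals, and, through a hypothetical `resolver` hook, hostnames that resolve to such addresses; the resolver and every sample input are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}   # file://, gopher://, ftp:// etc. are refused


def address_is_public(ip: str) -> bool:
    """True only for a globally routable unicast address (IPv4 or IPv6)."""
    addr = ipaddress.ip_address(ip)
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) so it is judged as 127.0.0.1.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    blocked = (addr.is_private or addr.is_loopback or addr.is_link_local
               or addr.is_multicast or addr.is_reserved or addr.is_unspecified)
    return addr.is_global and not blocked


def check_download_url(url: str, resolver=None) -> tuple[bool, str]:
    """Decide whether a user-supplied download URL may be fetched.

    resolver (hypothetical hook): callable mapping a hostname to the list of
    IP strings it resolves to. Without it, plain hostnames are refused, because
    a scheme/host string check alone cannot tell where a name will point.
    """
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname   # lowercased, userinfo and [] brackets already stripped
    if not host:
        return False, "missing host"
    if host == "localhost" or host.endswith(".localhost"):
        return False, "localhost not allowed"
    try:
        ipaddress.ip_address(host)          # is it an IP literal?
    except ValueError:
        if resolver is None:
            return False, "hostname given but no resolver supplied"
        for ip in resolver(host):
            if not address_is_public(ip):
                return False, f"{host} resolves to non-public address {ip}"
        return True, "ok"
    return (True, "ok") if address_is_public(host) else (False, "non-public IP literal")
```

Whatever addresses the resolver returns must be the ones the fetch actually connects to; resolving the name a second time at connection time reopens the check to DNS rebinding.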
