CVE-2026-33621

{"id": "CVE-2026-33621", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.2}]}, "published": "2026-03-26T21:17:06.597", "references": [{"url": "https://github.com/pinchtab/pinchtab/commit/c619c43a4f29d1d1a481e859c193baf78e0d648b", "source": "security-advisories@github.com"}, {"url": "https://github.com/pinchtab/pinchtab/releases/tag/v0.8.4", "source": "security-advisories@github.com"}, {"url": "https://github.com/pinchtab/pinchtab/security/advisories/GHSA-j65m-hv65-r264", "source": "security-advisories@github.com"}, {"url": "https://github.com/pinchtab/pinchtab/security/advisories/GHSA-j65m-hv65-r264", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-290"}, {"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.7.7` through `v0.8.4` contain incomplete request-throttling protections for auth-checkable endpoints. In `v0.7.7` through `v0.8.3`, a fully implemented `RateLimitMiddleware` existed in `internal/handlers/middleware.go` but was not inserted into the production HTTP handler chain, so requests were not subject to the intended per-IP throttle. In the same pre-`v0.8.4` range, the original limiter also keyed clients using `X-Forwarded-For`, which would have allowed client-controlled header spoofing if the middleware had been enabled. `v0.8.4` addressed those two issues by wiring the limiter into the live handler chain and switching the key to the immediate peer IP, but it still exempted `/health` and `/metrics` from rate limiting even though `/health` remained an auth-checkable endpoint when a token was configured. This issue weakens defense in depth for deployments where an attacker can reach the API, especially if a weak human-chosen token is used. It is not a direct authentication bypass or token disclosure issue by itself. PinchTab is documented as local-first by default and uses `127.0.0.1` plus a generated random token in the recommended setup. PinchTab's default deployment model is a local-first, user-controlled environment between the user and their agents; wider exposure is an intentional operator choice. This lowers practical risk in the default configuration, even though it does not by itself change the intrinsic base characteristics of the bug. This was fully addressed in `v0.8.5` by applying `RateLimitMiddleware` in the production handler chain, deriving the client address from the immediate peer IP instead of trusting forwarded headers by default, and removing the `/health` and `/metrics` exemption so auth-checkable endpoints are throttled as well."}, {"lang": "es", "value": "PinchTab es un servidor HTTP aut\u00f3nomo que otorga a los agentes de IA control directo sobre un navegador Chrome. PinchTab 'v0.7.7' hasta 'v0.8.4' contienen protecciones incompletas de limitaci\u00f3n de solicitudes para puntos finales verificables por autenticaci\u00f3n. En 'v0.7.7' hasta 'v0.8.3', exist\u00eda un 'RateLimitMiddleware' completamente implementado en 'internal/handlers/middleware.go' pero no fue insertado en la cadena de gestores HTTP de producci\u00f3n, por lo que las solicitudes no estaban sujetas a la limitaci\u00f3n por IP prevista. En el mismo rango pre-'v0.8.4', el limitador original tambi\u00e9n identificaba a los clientes usando 'X-Forwarded-For', lo que habr\u00eda permitido la suplantaci\u00f3n de encabezados controlada por el cliente si el middleware hubiera estado habilitado. 'v0.8.4' abord\u00f3 esos dos problemas conectando el limitador a la cadena de gestores activa y cambiando la clave a la IP del par inmediato, pero a\u00fan exim\u00eda a '/health' y '/metrics' de la limitaci\u00f3n de velocidad a pesar de que '/health' segu\u00eda siendo un punto final verificable por autenticaci\u00f3n cuando se configuraba un token. Este problema debilita la defensa en profundidad para implementaciones donde un atacante puede alcanzar la API, especialmente si se utiliza un token d\u00e9bil elegido por humanos. No es una omisi\u00f3n de autenticaci\u00f3n directa o un problema de divulgaci\u00f3n de tokens por s\u00ed mismo. PinchTab est\u00e1 documentado como local-first por defecto y utiliza '127.0.0.1' m\u00e1s un token aleatorio generado en la configuraci\u00f3n recomendada. El modelo de implementaci\u00f3n predeterminado de PinchTab es un entorno local-first, controlado por el usuario, entre el usuario y sus agentes; una exposici\u00f3n m\u00e1s amplia es una elecci\u00f3n intencional del operador. Esto reduce el riesgo pr\u00e1ctico en la configuraci\u00f3n predeterminada, aunque por s\u00ed mismo no cambia las caracter\u00edsticas base intr\u00ednsecas del error. Esto fue completamente abordado en 'v0.8.5' aplicando 'RateLimitMiddleware' en la cadena de gestores de producci\u00f3n, derivando la direcci\u00f3n del cliente de la IP del par inmediato en lugar de confiar en los encabezados reenviados por defecto, y eliminando la exenci\u00f3n de '/health' y '/metrics' para que los puntos finales verificables por autenticaci\u00f3n tambi\u00e9n sean limitados."}], "lastModified": "2026-03-30T13:26:50.827", "sourceIdentifier": "security-advisories@github.com"}