2 matches found
CVE-2026-33622 A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.3 through v0.8.5 allow arbitrary JavaScript execution through POST /wait and POST /tabs/id/wait when the request uses fn mode, even if security.allowEvaluate is disabled. POST /evaluate...
CVE-2026-33622
creationtimestamp| type| source ---|---|--- 2026-03-22 00:47:51+00:00| published-proof-of-concept| https://github.com/pinchtab/pinchtab/security/advisories/GHSA-w5pc-m664-r62v 2026-03-31 17:24:25+00:00| published-proof-of-concept| Telegram/WxHgPFElWYDoFBGl3K0BVKfspuGbiR8geCdPJnxqtoWdxxM...