Lucene search
+L

5 matches found

nvd
nvd
added 2026/03/26 9:17 p.m.3 views

CVE-2026-33621

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.7.7 through v0.8.4 contain incomplete request-throttling protections for auth-checkable endpoints. In v0.7.7 through v0.8.3, a fully implemented RateLimitMiddleware existed in...

6.5CVSS0.00308EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/03/26 8:42 p.m.1 views

CVE-2026-33621

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.7.7 through v0.8.4 contain incomplete request-throttling protections for auth-checkable endpoints. In v0.7.7 through v0.8.3, a fully implemented RateLimitMiddleware existed in...

4.8CVSS5.8AI score0.00308EPSS
Exploits1References4Affected Software1
vulnrichment
vulnrichment
added 2026/03/26 8:42 p.m.1 views

CVE-2026-33621 PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.7.7 through v0.8.4 contain incomplete request-throttling protections for auth-checkable endpoints. In v0.7.7 through v0.8.3, a fully implemented RateLimitMiddleware existed in...

4.8CVSS5.8AI score0.00308EPSS
Exploits1References3
cve
cve
added 2026/03/26 8:42 p.m.10 views

CVE-2026-33621

CVE-2026-33621 concerns PinchTab, a local HTTP server that exposes auth-checkable endpoints to AI agents. Public documents describe a history of incomplete request-throttling protections in versions 0.7.7–0.8.4: the RateLimitMiddleware existed but was not wired into the production handler chain, ...

6.5CVSS5.8AI score0.00308EPSS
Exploits1References3Affected Software1
github
github
added 2026/03/24 7:47 p.m.17 views

PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token

Summary PinchTab v0.7.7 through v0.8.4 contain incomplete request-throttling protections for auth-checkable endpoints. In v0.7.7 through v0.8.3, a fully implemented RateLimitMiddleware existed in internal/handlers/middleware.go but was not inserted into the production HTTP handler chain, so...

6.5CVSS5.8AI score0.00308EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder