GHSA-J65M-HV65-R264 PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token

Summary PinchTab v0.7.7 through v0.8.4 contain incomplete request-throttling protections for auth-checkable endpoints. In v0.7.7 through v0.8.3, a fully implemented RateLimitMiddleware existed in internal/handlers/middleware.go but was not inserted into the production HTTP handler chain, so...

PT-2026-27628

Name of the Vulnerable Software and Affected Versions PinchTab versions v0.7.7 through v0.8.4 Description PinchTab, a standalone HTTP server designed to give AI agents control over a Chrome browser, has incomplete request-throttling protections for endpoints requiring authentication checks. In...