CVE-2026-33620

import requests # Description: This script demonstrates the vulnerable behavior # where the API token is accepted via the URL query parameter. TARGET_URL = "http://localhost:8080" API_TOKEN = "sensitive_api_token_123" print("[*] Testing PinchTab Token Exposure via Query Parameter...") # Vulnerable Request: Token passed in URL # This URL would be logged by proxies or browsers, exposing the credential vulnerable_endpoint = f"{TARGET_URL}/api/control?token={API_TOKEN}" try: # In a real scenario, an attacker might find this URL in proxy logs response = requests.get(vulnerable_endpoint) if response.status_code == 200: print(f"[+] Request Successful! Server accepted token from URL.") print(f"[!] Vulnerability Confirmed: Token '{API_TOKEN}' exposed in URL.") else: print(f"[-] Request failed with status code: {response.status_code}") except Exception as e: print(f"[!] Error occurred: {e}")

{"cve": {"id": "CVE-2026-33620", "sourceIdentifier": "[email protected]", "published": "2026-03-26T21:17:06.410", "lastModified": "2026-03-31T15:56:34.637", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.7.8` through `v0.8.3` accepted the API token from a `token` URL query parameter in addition to the `Authorization` header. When a valid API credential is sent in the URL, it can be exposed through request URIs recorded by intermediaries or client-side tooling, such as reverse proxy access logs, browser history, shell history, clipboard history, and tracing systems that capture full URLs. This issue is an unsafe credential transport pattern rather than a direct authentication bypass. It only affects deployments where a token is configured and a client actually uses the query-parameter form. PinchTab's security guidance already recommended `Authorization: Bearer <token>`, but `v0.8.3` still accepted `?token=` and included first-party flows that generated and consumed URLs containing the token. This was addressed in v0.8.4 by removing query-string token authentication and requiring safer header- or session-based authentication flows."}, {"lang": "es", "value": "PinchTab es un servidor HTTP independiente que otorga a los agentes de IA control directo sobre un navegador Chrome. PinchTab 'v0.7.8' hasta 'v0.8.3' aceptaba el token de la API de un parámetro de consulta URL 'token' además del encabezado 'Authorization'. Cuando una credencial de API válida se envía en la URL, puede ser expuesta a través de URIs de solicitud registradas por intermediarios o herramientas del lado del cliente, como registros de acceso de proxy inverso, historial del navegador, historial de shell, historial del portapapeles y sistemas de rastreo que capturan URLs completas. Este problema es un patrón de transporte de credenciales inseguro en lugar de una omisión de autenticación directa. Solo afecta a las implementaciones donde se configura un token y un cliente realmente utiliza la forma de parámetro de consulta. La guía de seguridad de PinchTab ya recomendaba 'Authorization: Bearer ', pero 'v0.8.3' aún aceptaba '?token=' e incluía flujos de primera parte que generaban y consumían URLs que contenían el token. Esto se abordó en v0.8.4 al eliminar la autenticación de token en la cadena de consulta y al requerir flujos de autenticación más seguros basados en encabezados o en la sesión."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-598"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:pinchtab:pinchtab:*:*:*:*:*:*:*:*", "versionStartIncluding": "0.7.8", "versionEndExcluding": "0.8.4", "matchCriteriaId": "63622A95-2D68-404C-9E53-A6D65A4E8629"}]}]}], "references": [{"url": "https://github.com/pinchtab/pinchtab/releases/tag/v0.8.4", "source": "[email protected]", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/pinchtab/pinchtab/security/advisories/GHSA-mrqc-3276-74f8", "source": "[email protected]", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}, {"url": "https://github.com/pinchtab/pinchtab/security/advisories/GHSA-mrqc-3276-74f8", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}]}}