{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33620", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-23T14:24:11.616Z", "datePublished": "2026-03-26T20:40:27.026Z", "dateUpdated": "2026-03-30T14:54:23.611Z"}, "containers": {"cna": {"title": "PinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary Systems", "problemTypes": [{"descriptions": [{"cweId": "CWE-598", "lang": "en", "description": "CWE-598: Use of GET Request Method With Sensitive Query Strings", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/pinchtab/pinchtab/security/advisories/GHSA-mrqc-3276-74f8", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pinchtab/pinchtab/security/advisories/GHSA-mrqc-3276-74f8"}, {"name": "https://github.com/pinchtab/pinchtab/releases/tag/v0.8.4", "tags": ["x_refsource_MISC"], "url": "https://github.com/pinchtab/pinchtab/releases/tag/v0.8.4"}], "affected": [{"vendor": "pinchtab", "product": "pinchtab", "versions": [{"version": ">= 0.7.8, < 0.8.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-26T20:40:27.026Z"}, "descriptions": [{"lang": "en", "value": "PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.7.8` through `v0.8.3` accepted the API token from a `token` URL query parameter in addition to the `Authorization` header. When a valid API credential is sent in the URL, it can be exposed through request URIs recorded by intermediaries or client-side tooling, such as reverse proxy access logs, browser history, shell history, clipboard history, and tracing systems that capture full URLs. This issue is an unsafe credential transport pattern rather than a direct authentication bypass. It only affects deployments where a token is configured and a client actually uses the query-parameter form. PinchTab's security guidance already recommended `Authorization: Bearer <token>`, but `v0.8.3` still accepted `?token=` and included first-party flows that generated and consumed URLs containing the token. This was addressed in v0.8.4 by removing query-string token authentication and requiring safer header- or session-based authentication flows."}], "source": {"advisory": "GHSA-mrqc-3276-74f8", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/pinchtab/pinchtab/security/advisories/GHSA-mrqc-3276-74f8", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T14:43:41.545447Z", "id": "CVE-2026-33620", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T14:54:23.611Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33620", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-30T14:43:41.545447Z"}}}], "references": [{"url": "https://github.com/pinchtab/pinchtab/security/advisories/GHSA-mrqc-3276-74f8", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T14:43:53.941Z"}}], "cna": {"title": "PinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary Systems", "source": {"advisory": "GHSA-mrqc-3276-74f8", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "pinchtab", "product": "pinchtab", "versions": [{"status": "affected", "version": ">= 0.7.8, < 0.8.4"}]}], "references": [{"url": "https://github.com/pinchtab/pinchtab/security/advisories/GHSA-mrqc-3276-74f8", "name": "https://github.com/pinchtab/pinchtab/security/advisories/GHSA-mrqc-3276-74f8", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/pinchtab/pinchtab/releases/tag/v0.8.4", "name": "https://github.com/pinchtab/pinchtab/releases/tag/v0.8.4", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.7.8` through `v0.8.3` accepted the API token from a `token` URL query parameter in addition to the `Authorization` header. When a valid API credential is sent in the URL, it can be exposed through request URIs recorded by intermediaries or client-side tooling, such as reverse proxy access logs, browser history, shell history, clipboard history, and tracing systems that capture full URLs. This issue is an unsafe credential transport pattern rather than a direct authentication bypass. It only affects deployments where a token is configured and a client actually uses the query-parameter form. PinchTab's security guidance already recommended `Authorization: Bearer <token>`, but `v0.8.3` still accepted `?token=` and included first-party flows that generated and consumed URLs containing the token. This was addressed in v0.8.4 by removing query-string token authentication and requiring safer header- or session-based authentication flows."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-598", "description": "CWE-598: Use of GET Request Method With Sensitive Query Strings"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-26T20:40:27.026Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33620", "state": "PUBLISHED", "dateUpdated": "2026-03-30T14:54:23.611Z", "dateReserved": "2026-03-23T14:24:11.616Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-26T20:40:27.026Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.7.8` through `v0.8.3` accepted the API token from a `token` URL query parameter in addition to the `Authorization` header. When a valid API credential is sent in the URL, it can be exposed through request URIs recorded by intermediaries or client-side tooling, such as reverse proxy access logs, browser history, shell history, clipboard history, and tracing systems that capture full URLs. This issue is an unsafe credential transport pattern rather than a direct authentication bypass. It only affects deployments where a token is configured and a client actually uses the query-parameter form. PinchTab's security guidance already recommended `Authorization: Bearer <token>`, but `v0.8.3` still accepted `?token=` and included first-party flows that generated and consumed URLs containing the token. This was addressed in v0.8.4 by removing query-string token authentication and requiring safer header- or session-based authentication flows."}, {"lang": "es", "value": "PinchTab es un servidor HTTP independiente que otorga a los agentes de IA control directo sobre un navegador Chrome. PinchTab 'v0.7.8' hasta 'v0.8.3' aceptaba el token de la API de un par\u00e1metro de consulta URL 'token' adem\u00e1s del encabezado 'Authorization'. Cuando una credencial de API v\u00e1lida se env\u00eda en la URL, puede ser expuesta a trav\u00e9s de URIs de solicitud registradas por intermediarios o herramientas del lado del cliente, como registros de acceso de proxy inverso, historial del navegador, historial de shell, historial del portapapeles y sistemas de rastreo que capturan URLs completas. Este problema es un patr\u00f3n de transporte de credenciales inseguro en lugar de una omisi\u00f3n de autenticaci\u00f3n directa. Solo afecta a las implementaciones donde se configura un token y un cliente realmente utiliza la forma de par\u00e1metro de consulta. La gu\u00eda de seguridad de PinchTab ya recomendaba 'Authorization: Bearer ', pero 'v0.8.3' a\u00fan aceptaba '?token=' e inclu\u00eda flujos de primera parte que generaban y consum\u00edan URLs que conten\u00edan el token. Esto se abord\u00f3 en v0.8.4 al eliminar la autenticaci\u00f3n de token en la cadena de consulta y al requerir flujos de autenticaci\u00f3n m\u00e1s seguros basados en encabezados o en la sesi\u00f3n."}], "id": "CVE-2026-33620", "lastModified": "2026-03-30T15:16:30.477", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-03-26T21:17:06.410", "references": [{"source": "[email protected]", "url": "https://github.com/pinchtab/pinchtab/releases/tag/v0.8.4"}, {"source": "[email protected]", "url": "https://github.com/pinchtab/pinchtab/security/advisories/GHSA-mrqc-3276-74f8"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/pinchtab/pinchtab/security/advisories/GHSA-mrqc-3276-74f8"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-598"}], "source": "[email protected]", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.7.8,0.8.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "pinchtab", "source": "cna", "vendor": "pinchtab"}, "product": "pinchtab", "vendor": "pinchtab"}], "analysis": {"en": {"generated_at": "2026-03-26T22:53:42.231743+00:00", "value": {"mitigation_remediation": ["Upgrade PinchTab to version 0.8.4 or later, which removes query\u2011string token authentication and requires safer header\u2011based authentication flows.", "Configure the application to reject token authentication via query parameters and enforce use of the Authorization header or session\u2011based methods.", "Locate and delete any request logs, browser history, shell history, or clipboard entries that may contain exposed tokens.", "Monitor API usage logs for anomalous activity that could indicate token reuse."], "summary": {"action": "Apply patch", "impact": "Credential exposure via URL query parameter"}, "threat_synthesis": {"affected_systems": "All installations of PinchTab from version 0.7.8 through 0.8.3 that have a bearer token configured and have clients that send the token via the token query parameter are affected; this includes deployments that use the provided examples or helper scripts that generate URLs with the token.", "description_and_impact": "PinchTab versions 0.7.8 through 0.8.3 accepted an API bearer token supplied in a URL query string named token, which meant that the token was embedded in the exact request URI; because many systems record full request URLs in logs, browser history, shell history, clipboard history, or tracing systems, the token could be inadvertently exposed to anyone who could read those records. This flaw is an unsafe credential transport pattern (CWE-598) and results in a loss of confidentiality of the credential without directly granting authentication bypass or remote code execution. The exposure depends on whether a bearer token is configured and a client actually uses the query\u2011parameter form, and it is limited to deployments that adhere to the example flows that generate URLs containing the token.", "risk_and_exploitability": "The CVSS score of 4.3 denotes moderate severity; exploitation requires access to logs or history that contain the full request URL, which may occur via reverse\u2011proxy access logs, browser history, or other tracing systems that capture full URLs. Because the token can be read from these logs, an attacker could later use it to authenticate to the PinchTab API and issue arbitrary commands to the controlled Chrome instance. The EPSS score is not available and the vulnerability is not listed in CISA\u2019s KEV catalog, suggesting a lower likelihood of widespread exploitation, but any environment that logs URLs or stores request history remains at risk until it is remediated. The likely attack vector is inferred from the description to be the compromise or reading of logs or user history that hold the token."}}}}, "created": "2026-03-27T08:32:00.398353+00:00", "updated": "2026-03-27T09:23:28.398646+00:00", "vendors": ["pinchtab", "pinchtab$PRODUCT$pinchtab"]}