{"data":{"id":"91778ea0-656b-4820-a392-5dbe329df587","title":"CVE-2026-30834: PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Prior to version 0.7.7, ","summary":"PinchTab is an HTTP server that lets AI agents control a Chrome browser. Before version 0.7.7, it had a Server-Side Request Forgery vulnerability (SSRF, a flaw where an attacker tricks a server into making requests to places it shouldn't, like internal networks or local files) in its /download endpoint that let any user with API access make the server request arbitrary URLs and steal the responses.","solution":"This issue has been patched in version 0.7.7.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-30834","publishedAt":"2026-03-07T16:15:56.057Z","cveId":"CVE-2026-30834","cweIds":["CWE-918"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["PinchTab"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00032,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-664"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}