CVE-2026-30834
Received Received - Intake
SSRF Vulnerability in PinchTab /download Endpoint Allows Data Exfiltration

Publication date: 2026-03-07

Last updated on: 2026-03-11

Assigner: GitHub, Inc.

Description
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Prior to version 0.7.7, a Server-Side Request Forgery (SSRF) vulnerability in the /download endpoint allows any user with API access to induce the PinchTab server to make requests to arbitrary URLs, including internal network services and local system files, and exfiltrate the full response content. This issue has been patched in version 0.7.7.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-07
Last Modified
2026-03-11
Generated
2026-06-16
AI Q&A
2026-03-07
EPSS Evaluated
2026-06-15
NVD
CVE-2026-30834
EUVD
EUVD-2026-10167
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
pinchtab pinchtab to 0.7.7 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-30834 is a high-severity Server-Side Request Forgery (SSRF) vulnerability in the PinchTab application, affecting versions prior to 0.7.7.'}, {'type': 'paragraph', 'content': "The vulnerability exists in the /download endpoint, where a user-supplied URL parameter is passed directly to the server's headless Chrome instance without validation or sanitization."}, {'type': 'paragraph', 'content': 'This allows an attacker with API access to make the PinchTab server request arbitrary URLs, including local system files (e.g., file:///etc/passwd), internal network services, and cloud metadata endpoints.'}, {'type': 'paragraph', 'content': 'The server then returns the full response content from these requests to the attacker, enabling exfiltration of sensitive data.'}] [1]

Impact Analysis

This vulnerability can severely impact confidentiality by allowing attackers to read sensitive local files, access internal network services, and retrieve cloud provider metadata.

Attackers can exploit this without any privileges or user interaction, and with low complexity, making it highly accessible.

Potential impacts include exposure of sensitive data, internal infrastructure probing, and unauthorized access to internal management interfaces or cloud credentials.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to access the vulnerable /download endpoint with crafted URLs that exploit the SSRF issue. For example, sending requests to the /download endpoint with URLs pointing to local files or internal services can reveal if the server is vulnerable.'}, {'type': 'list_item', 'content': 'Use curl commands to test the /download endpoint, such as:'}, {'type': 'list_item', 'content': 'curl -X GET "http://localhost:9867/download?url=file:///etc/passwd" to check if local files can be accessed.'}, {'type': 'list_item', 'content': 'curl -X GET "http://localhost:9867/download?url=http://localhost:8080/internal-admin" to check access to internal network services.'}] [1]

Mitigation Strategies

The immediate mitigation step is to upgrade the PinchTab application to version 0.7.7 or later, where this SSRF vulnerability in the /download endpoint has been patched.

Until the upgrade can be performed, restrict or disable access to the /download endpoint to trusted users only, and avoid exposing the API externally to reduce the risk of exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-30834. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart