What is CVE-2026-33620?

CVE-2026-33620 is a medium-severity vulnerability in Pinchtab, classified under CWE-598. CVSS score: 4.3/10. Published 2026-03-26.

How severe is CVE-2026-33620?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Vulnerability in Pinchtab

CVE-2026-33620

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.7.8` through `v0.8.3` accepted the API token from a `token` URL query parameter in addition to the `Authorization` header. When a…

EPSS: 0.001 (25.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N.

Affected products

Pinchtab — versions >= 0.7.8, < 0.8.4

Weakness classification (CWE)

CWE-598

References

https://github.com/pinchtab/pinchtab/security/advisories/GHSA-mrqc-3276-74f8 (x_refsource_CONFIRM)
https://github.com/pinchtab/pinchtab/releases/tag/v0.8.4 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-33620?: CVE-2026-33620 is a medium-severity vulnerability in Pinchtab, classified under CWE-598. CVSS score: 4.3/10. Published 2026-03-26.
How severe is CVE-2026-33620?: Medium severity. CVSS v3 base score is 4.3 out of 10.