CVE-2026-33623 Overview
CVE-2026-33623 is a command injection vulnerability affecting PinchTab, a standalone HTTP server designed to give AI agents direct control over a Chrome browser. The vulnerability exists in version 0.8.4 specifically within the Windows-only orphaned Chrome cleanup path. When an instance is stopped, the Windows cleanup routine constructs a PowerShell -Command string using a needle derived from the profile path. The string interpolation mechanism escapes backslashes but fails to safely neutralize other PowerShell metacharacters, potentially allowing attackers to execute arbitrary PowerShell commands on the Windows host.
Critical Impact
Authenticated attackers with administrative-equivalent API access can execute arbitrary PowerShell commands on Windows hosts in the security context of the PinchTab process user.
Affected Products
- PinchTab v0.8.4 (Windows only)
- PinchTab versions prior to v0.8.5
Discovery Timeline
- 2026-03-26 - CVE-2026-33623 published to NVD
- 2026-03-26 - Last updated in NVD database
Technical Details for CVE-2026-33623
Vulnerability Analysis
This command injection vulnerability (CWE-78) resides in PinchTab's Windows-specific cleanup routine for orphaned Chrome browser instances. The vulnerability is not an unauthenticated internet RCE; exploitation requires authenticated, administrative-equivalent API access to instance lifecycle endpoints. The resulting command execution inherits the permissions of the PinchTab OS user rather than bypassing host privilege boundaries.
The attack scenario involves an attacker who can launch an instance using a specially crafted profile name and subsequently trigger the cleanup path. This requires prior access to the PinchTab API with sufficient privileges to manage instance lifecycles.
Root Cause
The root cause is incomplete neutralization of untrusted input when the PowerShell command string is constructed. The code escapes backslashes in the needle derived from the profile path, but it does not neutralize other PowerShell metacharacters such as backticks, dollar signs, parentheses, and semicolons. Because of this incomplete sanitization, a specially crafted profile name can break out of the intended string context and inject arbitrary PowerShell syntax.
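As an added illustration of how the needle can be kept out of the -Command string altogether, so that no escaping of metacharacters is needed in the first place (example code written for this page, not PinchTab's own cleanup routine or its 0.8.5 fix; the PINCHTAB_NEEDLE variable name and the CIM-based cleanup script are assumptions):

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"os/exec"
	"strings"
)

// cleanupScript is a fixed constant: the needle is read from an environment
// variable at run time and matched with String.Contains, so PowerShell never
// parses untrusted text and no -like wildcards are involved.
const cleanupScript = `Get-CimInstance Win32_Process -Filter "Name='chrome.exe'" |
  Where-Object { $_.CommandLine -and $_.CommandLine.Contains($env:PINCHTAB_NEEDLE) } |
  ForEach-Object { Stop-Process -Id $_.ProcessId -Force }`

// BuildCleanupCommand returns argv and the extra environment entry for the
// cleanup invocation. The needle travels out-of-band, never inside -Command,
// so no escaping of backslashes or other metacharacters is needed at all.
// An empty needle is refused because Contains("") would match every chrome.exe.
func BuildCleanupCommand(needle string) (argv []string, env []string, err error) {
	if needle == "" || strings.ContainsAny(needle, "\x00\r\n") {
		return nil, nil, errors.New("invalid needle")
	}
	argv = []string{"powershell.exe", "-NoProfile", "-NonInteractive", "-Command", cleanupScript}
	return argv, []string{"PINCHTAB_NEEDLE=" + needle}, nil
}

// RunCleanup wires the pieces into exec.Cmd (only meaningful on a Windows host).
func RunCleanup(needle string) error {
	argv, env, err := BuildCleanupCommand(needle)
	if err != nil {
		return err
	}
	cmd := exec.Command(argv[0], argv[1:]...)
	cmd.Env = append(os.Environ(), env...) // later duplicate keys win
	return cmd.Run()
}

func main() {
	needle := `C:\profiles\$(x);y` // constructed needle with metacharacters
	argv, env, _ := BuildCleanupCommand(needle)
	fmt.Println(strings.Contains(strings.Join(argv, " "), needle), env) // false [PINCHTAB_NEEDLE=C:\profiles\$(x);y]
}
```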
Attack Vector
The attack vector is network-based, requiring authenticated access to PinchTab's administrative API endpoints. An attacker must:
- Obtain authenticated access to PinchTab's instance lifecycle API endpoints
- Create an instance with a maliciously crafted profile name containing PowerShell metacharacters
- Trigger the Windows cleanup path (e.g., by stopping the instance)
- Achieve command execution in the context of the PinchTab process user
The security patch introduces the safelog package and adjusts runtime safety configurations. Below is a portion of the patch:
"github.com/pinchtab/pinchtab/internal/cli"
"github.com/pinchtab/pinchtab/internal/config"
+ "github.com/pinchtab/pinchtab/internal/safelog"
"github.com/pinchtab/pinchtab/internal/server"
"github.com/spf13/cobra"
)
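Review bot: The excerpt stops at the import block, so the only change visible is the added `"github.com/pinchtab/pinchtab/internal/safelog"` import; nothing shown touches the Windows cleanup routine or how the PowerShell -Command needle is built, so a reader cannot verify the metacharacter fix from this portion. Include the hunk that changes the cleanup path, or state explicitly that this import is unrelated to the needle handling.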
Source: GitHub Commit Details
Detection Methods for CVE-2026-33623
Indicators of Compromise
- Unusual PowerShell process spawned as a child of the PinchTab process
- API requests to instance lifecycle endpoints containing special characters in profile names
- Unexpected command execution patterns following PinchTab instance termination on Windows hosts
Detection Strategies
- Monitor for PowerShell processes spawned by PinchTab with suspicious command-line arguments containing metacharacters
- Audit API access logs for instance creation requests with unusual profile naming patterns
- Implement application-level logging for profile path values passed to the cleanup routine
- Use endpoint detection solutions to identify command injection patterns in PowerShell execution
Monitoring Recommendations
- Enable enhanced logging on PinchTab instance lifecycle operations
- Configure Windows event logging to capture PowerShell script block execution (Event ID 4104)
- Implement API request filtering to detect and alert on profile names containing PowerShell metacharacters
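An added example (not PinchTab's code) of the log audit and API-layer check described above, which also serves the input-validation workaround listed under Workarounds: the profile name is tested for the metacharacters the advisory names, and constructed JSON-lines access records are scanned for instance-creation requests that carry them. The /instances path and the record fields are assumptions, since the page does not show PinchTab's real log format.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Metacharacters named on the advisory page (backtick, $, parentheses,
// semicolon) plus quoting, pipeline and line-break characters.
const psMetachars = "`$();{}|&\"'\n\r"

// HasPowerShellMetachars is the API-layer check: reject the request on true.
func HasPowerShellMetachars(profile string) bool {
	return strings.ContainsAny(profile, psMetachars)
}

// accessEntry is a constructed JSON-lines shape (PinchTab's real format is not on the page).
type accessEntry struct {
	TS      string `json:"ts"`
	Method  string `json:"method"`
	Path    string `json:"path"`
	Profile string `json:"profile"`
}

// AuditAccessLog returns the timestamps of instance-creation requests whose
// profile name carries PowerShell metacharacters; non-JSON lines are skipped.
func AuditAccessLog(lines []string) []string {
	var hits []string
	for _, raw := range lines {
		var e accessEntry
		if err := json.Unmarshal([]byte(raw), &e); err != nil {
			continue
		}
		if e.Method == "POST" && strings.HasPrefix(e.Path, "/instances") && HasPowerShellMetachars(e.Profile) {
			hits = append(hits, e.TS)
		}
	}
	return hits
}

// SampleLog is constructed input; the /instances path is an assumption.
var SampleLog = []string{
	`{"ts":"2026-03-26T10:00:01Z","method":"POST","path":"/instances","profile":"agent-01"}`,
	`{"ts":"2026-03-26T10:00:07Z","method":"POST","path":"/instances","profile":"agent-02;$(x)"}`,
	`not an API access record`,
}
func main() {
	fmt.Println(AuditAccessLog(SampleLog)) // [2026-03-26T10:00:07Z]
}
```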
How to Mitigate CVE-2026-33623
Immediate Actions Required
- Upgrade PinchTab to version 0.8.5 or later immediately
- Review API access controls and restrict administrative access to instance lifecycle endpoints
- Audit existing profile names for any suspicious patterns or metacharacters
- Monitor for signs of exploitation on Windows hosts running affected versions
Patch Information
The vulnerability has been patched in PinchTab version 0.8.5. The fix tightens the instance API, implements runtime safety caps, and improves security posture. For detailed patch information, refer to the GitHub Security Advisory GHSA-p8mm-644p-phmh and the commit that addresses this issue.
Workarounds
- Restrict network access to PinchTab API endpoints to trusted sources only
- Implement input validation at the API layer to reject profile names containing PowerShell metacharacters
- Run PinchTab with minimal OS user privileges to limit the impact of potential command execution
- Consider using Linux hosts instead of Windows until the patch can be applied
# Restrict PinchTab API access to localhost only (temporary workaround).
# Run from an elevated PowerShell prompt; replace <PINCHTAB_PORT> with the port PinchTab listens on.
# Windows Defender Firewall applies explicit Block rules ahead of Allow rules, and in its default
# configuration it does not filter loopback traffic, so the Block rule is what takes effect and
# localhost access keeps working; the Allow rule only documents the intent.
netsh advfirewall firewall add rule name="Block PinchTab External" dir=in action=block protocol=tcp localport=<PINCHTAB_PORT> remoteip=any
netsh advfirewall firewall add rule name="Allow PinchTab Localhost" dir=in action=allow protocol=tcp localport=<PINCHTAB_PORT> remoteip=127.0.0.1
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

