What is the CVSS score of CVE-2026-30834?

CVE-2026-30834 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Chrome are affected by CVE-2026-30834?

CVE-2026-30834 is a HIGH severity vulnerability affecting PinchTab, an HTTP server that provides AI agents direct control over Chrome browsers.. A patch is available.

Is there a public PoC exploit available for CVE-2026-30834?

Yes, a public proof-of-concept exploit is available for CVE-2026-30834. Prioritise patching immediately. EPSS: 0.0%.

Chrome CVE-2026-30834

HIGH

Server-Side Request Forgery (SSRF) (CWE-918)

2026-03-07 security-advisories@github.com

GHSA-rw8p-c6hf-q3pg

Chrome SSRF Pinchtab Suse

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Mar 11, 2026 - 20:30 vuln.today

Public exploit code

CVE Published

Mar 07, 2026 - 16:15 nvd

HIGH 7.5

DescriptionNVD

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Prior to version 0.7.7, a Server-Side Request Forgery (SSRF) vulnerability in the /download endpoint allows any user with API access to induce the PinchTab server to make requests to arbitrary URLs, including internal network services and local system files, and exfiltrate the full response content. This issue has been patched in version 0.7.7.

AnalysisAI

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. [CVSS 7.5 HIGH]

RemediationAI

Within 24 hours: Identify all systems running PinchTab and isolate them from production networks; disable PinchTab services if not critical to operations. Within 7 days: Implement network segmentation to restrict PinchTab access to specific trusted networks only; deploy Web Application Firewall rules to monitor and block suspicious HTTP requests to PinchTab instances. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

CVE-2026-30834 vulnerability details – vuln.today

Back

Chrome CVE-2026-30834

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code