CVE-2026-33622 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-33622 PUBLISHED CVSS 6.099999904632568 MEDIUM

A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution

Risk Scores

CVSS v4.0

6.099999904632568

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:H/SI:N/SA:N

Affected Products

Vendor	Product	Versions
github.com	pinchtab/pinchtab/cmd/pinchtab	0.8.3, 0.8.3
pinchtab	pinchtab	>= 0.8.3, <= 0.8.5, >= 0.8.3, <= 0.8.5
github.com	pinchtab/pinchtab	0.8.3, 0.8.3

Timeline

Mar 24, 2026 CVE Published
Mar 25, 2026 Security Advisory
Mar 27, 2026 CVE Updated

References

Open in Interactive Console →