Steipete Summarize
6 CVEs affecting Steipete Summarize. Latest disclosed: 2026-05-18. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-45245 | High | 7.4 | 2026-05-18 | Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacke… |
CVE-2026-45242 | High | 7.1 | 2026-05-18 | Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbi… |
CVE-2026-45243 | Medium | 6.1 | 2026-05-18 | Summarize prior to 0.15.1 contains a missing authorization vulnerability in the content script window.postMessage bridge that allows malicious pages to perform… |
CVE-2026-45222 | Medium | 6.1 | 2026-05-11 | Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be… |
CVE-2026-45246 | Medium | 5.5 | 2026-05-18 | Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sen… |
CVE-2026-45244 | Medium | 5.4 | 2026-05-18 | Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user appr… |