CVE-2026-45242
Summarize Daemon Path Traversal Vulnerability
Publication date: 2026-05-18
Last updated on: 2026-05-19
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| steipete | summarize | to 0.15.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Summarize versions prior to 0.15.1 and involves a path traversal issue in the /v1/summarize daemon endpoint.
Authenticated users can exploit this vulnerability by providing an absolute path or directory traversal sequence in the slidesDir request parameter.
This allows them to write files named slide_*.png and slides.json to arbitrary writable directories on the system.
Additionally, attackers can delete matching files at the specified locations through repeated extraction.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an authenticated attacker to write and delete files in arbitrary directories on your system.
Such unauthorized file manipulation can lead to data integrity issues, potential disruption of services, or unauthorized modification of important files.
While it does not directly affect confidentiality, it has a high impact on integrity and a low impact on availability according to the CVSS scores.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows authenticated attackers to write and delete files arbitrarily on the host filesystem, which can lead to unauthorized modification or deletion of data. This poses risks to data integrity and availability.
Such unauthorized file system access and potential data manipulation could impact compliance with standards like GDPR and HIPAA, which require protection of data integrity and availability, as well as controls against unauthorized access.
However, the provided information does not explicitly discuss compliance impacts or specific regulatory consequences.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring authenticated API requests to the /v1/summarize daemon endpoint that include the slidesDir parameter with absolute paths or directory traversal sequences.
Commands or methods to detect exploitation attempts could include inspecting logs for suspicious slidesDir parameter values that contain patterns like '../' or absolute filesystem paths.
For example, using grep on server logs to find such requests:
- grep -E 'slidesDir=.*(\.{2}/|/)' /path/to/summarize/logs/access.log
Additionally, monitoring file creation or deletion events for slide_*.png and slides.json files outside the expected ~/.summarize/slides directory could indicate exploitation.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves updating the Summarize tool to version 0.15.1 or later, which includes a fix that restricts slide output paths to the user's ~/.summarize/slides directory.
The fix ignores any user-supplied slidesDir parameter and hardcodes the output directory, preventing path traversal attacks.
Until the update is applied, restrict access to the /v1/summarize daemon endpoint to trusted authenticated users only, and monitor for suspicious activity involving the slidesDir parameter.
Review and apply any available regression tests or security patches provided by the Summarize project to ensure the vulnerability is fully addressed.