HIGHCVE-2026-45242Published 2026-05-18Modified 2026-05-18CNA VulnCheck

CVE-2026-45242: Summarize < 0.15.1 Path Traversal via slidesDir Parameter

Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolute path or directory traversal sequence in the slidesDir request parameter. Attackers can exploit this to write slide_*.png and slides.json files to any writable directory and subsequently delete matching files at the specified location through repeat extraction.

CVSS v4.0: 7.1
Severity: HIGH
Fixed in: 0.15.1
Affected Products: 1

Fix available

0.15.1ec8efd63295656fbfe8743620179c489bc5a242f

Patch commits

github.com

Affected packages

steipete / summarize
< 0.15.1 (from 0)
Fixed in ec8efd63295656fbfe8743620179c489bc5a242f

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

References

github.com
github.com
github.com
vulncheck.com

Metrics

Fix available