Home

Description

Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolute path or directory traversal sequence in the slidesDir request parameter. Attackers can exploit this to write slide_*.png and slides.json files to any writable directory and subsequently delete matching files at the specified location through repeat extraction.

PUBLISHED Reserved 2026-05-11 | Published 2026-05-18 | Updated 2026-05-18 | Assigner VulnCheck




HIGH: 7.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

HIGH: 7.1CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Problem types

Missing Authorization

Product status

Default status
affected

Any version before 0.15.1
affected

ec8efd63295656fbfe8743620179c489bc5a242f (git)
unaffected

Credits

Chia Min Jun Lennon finder

References

github.com/steipete/summarize/pull/220 exploit

github.com/steipete/summarize/releases/tag/v0.15.2 release-notes

github.com/steipete/summarize/pull/220 issue-tracking

github.com/...ommit/ec8efd63295656fbfe8743620179c489bc5a242f patch

www.vulncheck.com/...-path-traversal-via-slidesdir-parameter third-party-advisory

cve.org (CVE-2026-45242)

nvd.nist.gov (CVE-2026-45242)

Download JSON