CVE-2026-45244— Summarize < 0.15.1 Unapproved Browser Automation Execution
Possible ATT&CK Techniques 1AI
T1505.003 · Web ShellGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-45244
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Summarize < 0.15.1 Unapproved Browser Automation Execution
Source: NVD (National Vulnerability Database)
Vulnerability Description
Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invoke enabled extension automation tools such as navigation or debugger-backed actions, bypassing the final user approval step when a user interacts with attacker-controlled content.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
Summarize 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Summarize是Peter Steinberger个人开发者的一款支持多来源的快速摘要工具。 Summarize 0.15.1之前版本存在安全漏洞,该漏洞源于授权缺失问题,可能导致攻击者在启用扩展自动化功能时无需每次调用用户批准即可执行浏览器自动化操作。攻击者可以通过恶意页面或摘要内容影响代理,调用启用的扩展自动化工具如导航或调试器支持的操作,绕过最终用户批准步骤。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-45244
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-45244
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-45244 (2)
News Coverage for CVE-2026-45244 (1)
Vendor Pages for CVE-2026-45244 (1)
- 🔗 Release v0.15.2 · steipete/summarize · GitHubrelease-notes
Same Patch Batch · steipete · 2026-05-18 · 5 CVEs total
| CVE-2026-45245 | 7.4 HIGH | Summarize < 0.15.1 Unauthorized Daemon Request via Untrusted Events |
| CVE-2026-45242 | 7.1 HIGH | Summarize < 0.15.1 Path Traversal via slidesDir Parameter |
| CVE-2026-45243 | 6.1 MEDIUM | Summarize < 0.15.1 Browser Extension Missing Authorization via Content Script |
| CVE-2026-45246 | 5.5 MEDIUM | Summarize < 0.15.1 Insecure File Permissions Information Disclosure |
IV. Related Vulnerabilities
Same product: summarize
- CVE-2026-45246
Summarize < 0.15.1 Insecure File Permissions Information Dis - CVE-2026-45245
Summarize < 0.15.1 Unauthorized Daemon Request via Untrusted - CVE-2026-45242
Summarize < 0.15.1 Path Traversal via slidesDir Parameter - CVE-2026-45243
Summarize < 0.15.1 Browser Extension Missing Authorization v - CVE-2026-45222
Summarize Insecure Daemon Configuration File Permissions
Same vendor: steipete
- CVE-2026-45246
Summarize < 0.15.1 Insecure File Permissions Information Dis - CVE-2026-45245
Summarize < 0.15.1 Unauthorized Daemon Request via Untrusted - CVE-2026-45242
Summarize < 0.15.1 Path Traversal via slidesDir Parameter - CVE-2026-45243
Summarize < 0.15.1 Browser Extension Missing Authorization v - CVE-2026-45222
Summarize Insecure Daemon Configuration File Permissions
Same weakness: CWE-862
- CVE-2026-2601
Missing Authorization in GitLab - CVE-2026-5296
Missing Authorization in GitLab - CVE-2026-45717
Budibase: `PUT /api/datasources/:datasourceId` is protected - CVE-2026-46425
Budibase: SCIM endpoints lack role-based authorization, BASI - CVE-2026-48151
Budibase: Webhook schema endpoint authorization bypass allow
V. Comments for CVE-2026-45244
No comments yet