Path Traversal Vulnerability in Summarize by Steipete
CVE-2026-45242

7.1HIGH

Key Information:

Vendor

Steipete

Status
Summarize
Vendor
CVE Published:
18 May 2026

What is CVE-2026-45242?

The Summarize application, prior to version 0.15.1, is vulnerable to a path traversal issue within the /v1/summarize daemon endpoint. This vulnerability allows authenticated users to craft requests that include an absolute path or a directory traversal sequence in the slidesDir parameter. By exploiting this flaw, attackers may write files - such as slide_*.png images and a slides.json file - to any directory that is writable, potentially leading to unauthorized data manipulation and deletions. It is crucial to upgrade to the latest version to mitigate risks associated with this vulnerability.

Affected Version(s)

summarize 0

summarize 0 < 0.15.1

summarize ec8efd63295656fbfe8743620179c489bc5a242f

References

https://github.com/steipete/summarize/releases/tag/v0.15.2
release-notes
https://github.com/steipete/summarize/pull/220
issue-tracking
https://github.com/steipete/summarize/commit/ec8efd632956...
patch

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Chia Min Jun Lennon
.