Missing Authorization Vulnerability in Summarize Browser Extension by Steipete
CVE-2026-45244

2.1LOW

Key Information:

Vendor

Steipete

Status
Summarize
Vendor
CVE Published:
18 May 2026

What is CVE-2026-45244?

The Summarize browser extension by Steipete has a missing authorization vulnerability, allowing attackers to execute automation actions without user consent when the extension's automation feature is active. This vulnerability can be exploited if an attacker lures a user into engaging with malicious content, hence enabling unauthorized actions such as navigation or other automation processes. The affected versions prior to 0.15.1 fail to properly verify user approval, creating a critical security flaw that could lead to unauthorized manipulation of browser behavior.

Affected Version(s)

summarize 0

summarize 0 < 0.15.1

summarize e64fe3ecd1bb4fdc181dcfa88c96b9e1914ced0e

References

https://github.com/steipete/summarize/releases/tag/v0.15.2
release-notes
https://github.com/steipete/summarize/pull/219
issue-tracking
https://github.com/steipete/summarize/commit/e64fe3ecd1bb...
patch

CVSS V4

Score:
2.1
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Chia Min Jun Lennon
.