Hover Summary Feature Vulnerability in Summarize by Steipete
CVE-2026-45245

4.6MEDIUM

Key Information:

Vendor

Steipete

Status
Summarize
Vendor
CVE Published:
18 May 2026

What is CVE-2026-45245?

The Summarize extension for browsers prior to version 0.15.1 contains a vulnerability in its hover summary feature. This flaw allows malicious pages to generate synthetic mouseover events over links that are controlled by the attacker. Consequently, the extension may execute authenticated daemon requests using stored user tokens without verifying the authenticity of the event. This can lead to the unintended exposure of sensitive internal endpoints, as attackers can manipulate local or private-network URLs through hoverable links, thus leveraging user interactions with deceptive content.

Affected Version(s)

summarize 0

summarize 0 < 0.15.1

summarize ecbb2c414255aa480a15d0d8b205224c14cfdbcb

References

https://github.com/steipete/summarize/releases/tag/v0.15.2
release-notes
https://github.com/steipete/summarize/pull/218
issue-tracking
https://github.com/steipete/summarize/commit/ecbb2c414255...
patch

CVSS V4

Score:
4.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Chia Min Jun Lennon
.