Insecure File Permission Vulnerability in Summarize by Steipete
CVE-2026-45246

6.8MEDIUM

Key Information:

Vendor

Steipete

Status
Summarize
Vendor
CVE Published:
18 May 2026

What is CVE-2026-45246?

An insecure file permission vulnerability exists in the configuration rewrite path of Summarize prior to version 0.15.1. This flaw allows local users on shared Unix-like systems to read sensitive credentials by exploiting the default filesystem permissions. When the configuration file is rewritten without preserving the original permissions, it results in the exposure of critical API keys and provider credentials to unauthorized users. This can lead to significant data breaches and unauthorized access to sensitive information, highlighting the need for careful permission management in application deployments.

Affected Version(s)

summarize 0

summarize 0 < 0.15.1

summarize 9e990193650a23dab73f37d5e1964d574a44098b

References

https://github.com/steipete/summarize/releases/tag/v0.15.2
release-notes
https://github.com/steipete/summarize/pull/217
issue-tracking
https://github.com/steipete/summarize/commit/9e990193650a...
patch

CVSS V4

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Chia Min Jun Lennon
.