CVE-2026-45244

Severity: Low · CVSS 4.0 score: 2.1 · EPSS: 13.4%
Published May 18, 2026 (1mo ago) · Last modified Jun 17, 2026 (2w ago)

Description

Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invoke enabled extension automation tools such as navigation or debugger-backed actions, bypassing the final user approval step when a user interacts with attacker-controlled content.

CVSS Details

Base Score: 2.1
Vector string: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Active (A)
Scope: X

Threat Intelligence

EPSS Exploit Probability: 13.4% percentile
Exploit & Patch Status: Public Exploit Known, Patch Available

Weaknesses 1

CWE-862 Missing Authorization

Affected Products 1

Vendor: steipete
Product: summarize
Version range: * <0.15.1

References 4

  • github.com https://github.com/steipete/summarize/commit/e64fe3ecd1bb4fdc181dcfa88c96b9e1914ced0e
    Patch
  • github.com https://github.com/steipete/summarize/pull/219
    Exploit, Issue Tracking, Patch
  • github.com https://github.com/steipete/summarize/releases/tag/v0.15.2
    Release Notes
  • vulncheck.com https://www.vulncheck.com/advisories/summarize-unapproved-browser-automation-execution
    Third Party Advisory

Remediation

  • github.com https://github.com/steipete/summarize/commit/e64fe3ecd1bb4fdc181dcfa88c96b9e1914ced0e
    Patch
  • github.com https://github.com/steipete/summarize/pull/219
    Exploit, Issue Tracking, Patch