CVE-2026-45246

216.73.217.22

· Published 18/05/2026 20:16 · Modified 19/05/2026 01:34

Labels: CVE-2026-45246 2026-05-18 CVE-2026-45246 CWE-732 [email protected]

Essential information

Published: 18/05/2026 20:16
Modified: 19/05/2026 01:34
Author: —
Creator: —
CVSS: 6.8 MEDIUM (v3) 6.8 MEDIUM (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default filesystem permissions. When the refresh-free path rewrites the configuration file, it creates the replacement with default process umask permissions instead of preserving the original file permissions, exposing the config file containing API keys and provider credentials to other local users on shared Unix-like systems.

NVD status

Status: Analyzed — CVE is currently being analyzed by NVD staff, this process results in association of reference link tags, CVSS scores, CWE association, and CPE applicability statements.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
steipete / summarize	`cpe:2.3:a:steipete:summarize::::::::`