Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (VulnCheck) · only source for this CVE.
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolute path or directory traversal sequence in the slidesDir request parameter. Attackers can exploit this to write slide_*.png and slides.json files to any writable directory and subsequently delete matching files at the specified location through repeat extraction.
AnalysisAI
Path traversal in steipete/summarize prior to 0.15.1 lets authenticated callers of the /v1/summarize daemon endpoint write slide_*.png and slides.json files to arbitrary directories by supplying an absolute path or traversal sequences in the slidesDir parameter, and subsequently delete matching files via repeat extraction. The flaw, reported by VulnCheck and patched in v0.15.2, enables file write and limited destructive impact across the filesystem; no public exploit identified at time of analysis.
Technical ContextAI
Summarize is a JavaScript/Node.js CLI and daemon distributed via npm as @steipete/summarize (and @steipete/summarize-core) that converts content into slide artifacts. The vulnerable code path is the daemon's /v1/summarize HTTP endpoint, which accepts a slidesDir parameter and uses it as the output directory for slide_*.png images and slides.json without validating that the supplied value is constrained to an expected base directory. This is a classic CWE-862 (Missing Authorization) on the path parameter - the endpoint authenticates the caller but does not authorize what filesystem locations they may target - resulting in path traversal via absolute paths or ../ sequences. The v0.15.2 release notes confirm the fix rejects traversal and symlinked cache image paths while still permitting valid child paths that legitimately begin with dot-dot text.
RemediationAI
Vendor-released patch: upgrade to @steipete/summarize and @steipete/summarize-core version 0.15.2 or later (npm latest as of 2026-05-17), which rejects traversal and symlinked cache image paths in the slides handler per the release notes and the fix commit ec8efd63295656fbfe8743620179c489bc5a242f (PR #220). Where immediate upgrade is not possible, bind the daemon to loopback only and firewall the /v1/summarize endpoint so only trusted local processes can reach it (trade-off: blocks legitimate remote daemon clients), run the daemon as a dedicated unprivileged user with a restrictive umask and no write access outside its intended slide output directory to limit the blast radius of arbitrary writes/deletes, and rotate any shared daemon authentication tokens that low-privileged users could currently use. Refer to https://github.com/steipete/summarize/releases/tag/v0.15.2 and the VulnCheck advisory for authoritative guidance.
Summarize versions through 0.14.1 create daemon configuration files with world-readable permissions, allowing local atta
Insecure file permission assignment in the @steipete/summarize CLI tool exposes configuration files containing API keys
Server-side request forgery in steipete/Summarize before v0.17.0 enables an attacker who controls a podcast RSS feed to
Disk exhaustion in Summarize CLI (all versions before 0.17.0) allows remote attackers who control a podcast feed or medi
Missing authorization in the Summarize browser extension's content script window.postMessage bridge permits any maliciou
Server-side request forgery in the Summarize browser extension prior to version 0.15.2 allows malicious web pages to coe
Missing authorization in the Summarize browser extension (versions prior to 0.15.1/0.15.2, CPE: cpe:2.3:a:steipete:summa
Same weakness CWE-862 – Missing Authorization
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30797
GHSA-8jr4-6r33-phwm