Is there a patch available for CVE-2026-45246?

Yes, a patch is available for CVE-2026-45246. Update the affected software to the latest version immediately.

Summarize CVE-2026-45246

Q: What is the CVSS score of CVE-2026-45246?

CVE-2026-45246 has a CVSS 4.0 base score of 6.8 (Medium). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-30799 MEDIUM

Incorrect Permission Assignment for Critical Resource (CWE-732)

2026-05-18 VulnCheck

GHSA-cjvq-x32c-xrmv

Information Disclosure

6.8

CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

May 18, 2026 - 20:22 NVD

5.5 (MEDIUM) 6.8 (MEDIUM)

Source Code Evidence Fetched

May 18, 2026 - 20:01 vuln.today

Analysis Generated

May 18, 2026 - 20:01 vuln.today

DescriptionNVD

Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default filesystem permissions. When the refresh-free path rewrites the configuration file, it creates the replacement with default process umask permissions instead of preserving the original file permissions, exposing the config file containing API keys and provider credentials to other local users on shared Unix-like systems.

AnalysisAI

Insecure file permission assignment in the @steipete/summarize CLI tool exposes configuration files containing API keys and provider credentials to other local users on shared Unix-like systems. All versions prior to 0.15.1 (CPE: cpe:2.3:a:steipete:summarize) are affected via a specific code path - the refresh-free configuration rewrite - that creates replacement config files using the process default umask rather than preserving original file permissions. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-45246 vulnerability details – vuln.today

Back

Summarize CVE-2026-45246

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Analysis

Full analysis requires sign-in

Share

Summarize CVE-2026-45246

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code