Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-delivered attack requires victim to invoke CLI against malicious feed (UI:R); attacker needs no authentication; only local disk availability is impacted (A:L, S:U, C:N, I:N).
Primary rating from Vendor (VulnCheck).
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests. Attackers who control a podcast feed or media URL can stream an unbounded response to local storage via the temp-file download path, exhausting disk or system resources on the host running the CLI.
AnalysisAI
Disk exhaustion in Summarize CLI (all versions before 0.17.0) allows remote attackers who control a podcast feed or media URL to cause denial of service by circumventing the tool's enforced media download size limit. The size cap can be bypassed through missing or misreported Content-Length headers, chunked transfer encoding, or deliberately failed HEAD requests, causing the CLI's temp-file download path to stream an unbounded response directly to local storage. No active exploitation has been confirmed (not listed in CISA KEV), no public proof-of-concept has been identified, and EPSS data is unavailable; however, the zero authentication requirement on the attacker side and low attack complexity make this a credible threat for users who process untrusted or third-party feeds.
Technical ContextAI
Summarize is an open-source CLI tool (CPE: cpe:2.3:a:steipete:summarize:*:*:*:*:*:*:*:*) designed for summarizing podcast and media content. The root cause maps to CWE-770 (Allocation of Resources Without Limits or Throttling): the CLI attempts to enforce a maximum size on media downloads, but the enforcement logic depends on HTTP-level signals - Content-Length headers and HEAD request pre-checks - that an attacker-controlled server can omit, falsify, or fail. HTTP chunked transfer encoding provides an additional bypass because chunk sizes are declared incrementally rather than upfront. Because no secondary, filesystem-level size guard caps the temp-file write path, the download loop can consume all available disk space. The vulnerability affects the CLI's core media fetch path and is triggered by processing any podcast feed or media URL whose origin the attacker controls.
RemediationAI
Upgrade Summarize CLI to version 0.17.0 or later; this is the vendor-released patch confirmed by the GitHub release tag, PR #237 (https://github.com/steipete/summarize/pull/237), and the fix commit at https://github.com/steipete/summarize/commit/14de194c24c5e0fba4bdb4a6f7766eb6ea3ed750. If immediate upgrade is not possible, restrict the CLI from processing untrusted or third-party podcast feeds and media URLs - this eliminates the attacker's control over the media origin but does not fix the underlying flaw and may break legitimate use cases involving external feeds. As an additional compensating control for automated pipeline deployments, apply OS-level disk quotas or cgroups storage limits on the process to cap the maximum disk any single invocation can consume; this limits blast radius but does not prevent the exhaustion attempt from triggering errors. No other workarounds are referenced in the available data.
Path traversal in steipete/summarize prior to 0.15.1 lets authenticated callers of the /v1/summarize daemon endpoint wri
Summarize versions through 0.14.1 create daemon configuration files with world-readable permissions, allowing local atta
Insecure file permission assignment in the @steipete/summarize CLI tool exposes configuration files containing API keys
Server-side request forgery in steipete/Summarize before v0.17.0 enables an attacker who controls a podcast RSS feed to
Missing authorization in the Summarize browser extension's content script window.postMessage bridge permits any maliciou
Server-side request forgery in the Summarize browser extension prior to version 0.15.2 allows malicious web pages to coe
Missing authorization in the Summarize browser extension (versions prior to 0.15.1/0.15.2, CPE: cpe:2.3:a:steipete:summa
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36307
GHSA-q9xm-f36c-xm3q