Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network SSRF via attacker-controlled RSS feed; scope change exposes internal services (C:H); requires user to process the malicious feed (UI:R); no integrity or availability impact demonstrated.
Primary rating from Vendor (VulnCheck).
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript content from loopback addresses, link-local addresses, RFC 1918 private ranges, or other reserved destinations by supplying malicious podcast:transcript URL values. Attackers can bypass protections through DNS rebinding and redirect-based techniques, as redirect targets are not revalidated and hostnames are not resolved before request dispatch, exposing internal service responses through the summarization flow.
AnalysisAI
Server-side request forgery in steipete/Summarize before v0.17.0 enables an attacker who controls a podcast RSS feed to coerce the application into fetching transcript content from loopback addresses, link-local addresses, RFC 1918 private ranges, and other reserved destinations. The vulnerability is compounded by two bypass mechanisms: DNS rebinding (allowing an attacker to pass an initial hostname check then resolve to an internal target) and unvalidated redirect-following (where intermediate redirect targets are never re-screened). Exploitation exposes internal service responses through the summarization pipeline to the attacker. No active exploitation is confirmed (not in CISA KEV), and no public exploit code has been identified; a vendor patch is available as v0.17.0.
Technical ContextAI
The affected product is cpe:2.3:a:steipete:summarize:*:*:*:*:*:*:*:* in all releases before 0.17.0. Summarize is a CLI and Chrome-extension tool that fetches and summarizes content from various sources, including podcast RSS feeds that may reference external transcript URLs via the podcast:transcript namespace. CWE-918 (Server-Side Request Forgery) describes the root cause: user-supplied URLs are dispatched to the network without adequate validation that the resolved destination is a permitted external host. Two structural weaknesses amplify the base SSRF: first, hostnames are not resolved to their IP addresses before the request is dispatched, so allow/block-list checks based on hostnames or naive IP inspection can be bypassed by DNS rebinding (TTL-expiry rescheduling to an internal IP after the initial check passes); second, HTTP redirects are followed without revalidating the new destination URL against the same block-list rules, meaning an attacker can redirect through a legitimate intermediate host to an internal target.
RemediationAI
The primary remediation is upgrading to Summarize v0.17.0 or later, which contains the vendor-released patch addressing the SSRF root cause (https://github.com/steipete/summarize/releases/tag/v0.17.0; patch commit: https://github.com/steipete/summarize/commit/3c5522440c4833dde033e226baa39e6dda1dfc75). Until upgrade is possible, operators should restrict which podcast RSS feed sources Summarize is permitted to process - for example, by allowing only feeds from a curated allowlist of trusted publishers - which reduces the attacker's ability to inject malicious transcript URLs. As a network-level compensating control, deploying Summarize in a network segment with egress filtering that blocks requests to RFC 1918 ranges, loopback, and link-local addresses at the firewall layer will partially mitigate the SSRF impact, though this does not address DNS rebinding bypasses without also enforcing short DNS TTL policies or using a DNS resolver that rejects internal-resolving responses for external hostnames. Note that redirect-following cannot be safely mitigated at the network layer alone; the application-level fix in v0.17.0 is strongly preferred. VulnCheck advisory: https://www.vulncheck.com/advisories/summarize-ssrf-via-podcast-transcript-url-fetch.
Path traversal in steipete/summarize prior to 0.15.1 lets authenticated callers of the /v1/summarize daemon endpoint wri
Summarize versions through 0.14.1 create daemon configuration files with world-readable permissions, allowing local atta
Insecure file permission assignment in the @steipete/summarize CLI tool exposes configuration files containing API keys
Disk exhaustion in Summarize CLI (all versions before 0.17.0) allows remote attackers who control a podcast feed or medi
Missing authorization in the Summarize browser extension's content script window.postMessage bridge permits any maliciou
Server-side request forgery in the Summarize browser extension prior to version 0.15.2 allows malicious web pages to coe
Missing authorization in the Summarize browser extension (versions prior to 0.15.1/0.15.2, CPE: cpe:2.3:a:steipete:summa
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36308
GHSA-3vx2-vqx8-jxfg