{
  "description": "Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.",
  "feed_url": "https://feed.craftedsignal.io/products/summarize--0.15.1/feed.json",
  "home_page_url": "https://feed.craftedsignal.io/",
  "items": [
    {
      "_cs_actors": [],
      "_cs_cpes": [],
      "_cs_cves": [{"cvss": 7.4, "id": "CVE-2026-45245"}],
      "_cs_exploited": false,
      "_cs_has_poc": false,
      "_cs_poc_references": [],
      "_cs_products": ["Summarize \u003c 0.15.1"],
      "_cs_severities": ["high"],
      "_cs_tags": ["cve-2026-45245", "browser-extension", "authenticated-request-forgery", "mouseover-event"],
      "_cs_type": "advisory",
      "_cs_vendors": ["Summarize"],
      "content_html": "\u003cp\u003eSummarize, a browser extension, is vulnerable to authenticated request forgery via synthetic \u003ccode\u003emouseover\u003c/code\u003e events. Prior to version 0.15.1, the extension\u0026rsquo;s hover summary feature does not check whether a \u003ccode\u003emouseover\u003c/code\u003e event was generated by the user or dispatched by page script (browsers mark the latter with \u003ccode\u003eevent.isTrusted === false\u003c/code\u003e). A malicious webpage can therefore fire synthetic \u003ccode\u003emouseover\u003c/code\u003e events over links whose \u003ccode\u003ehref\u003c/code\u003e it controls, and the extension responds by making authenticated daemon requests with its stored tokens for those link targets, including targets on loopback or private-network hosts. Because the page dispatches the events itself, loading the page is enough; no genuine hover by the user is required. This vulnerability, identified as CVE-2026-45245, gives an attacker reach into internal endpoints that are accessible from the victim\u0026rsquo;s machine but not from the internet.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker crafts a webpage containing links whose \u003ccode\u003ehref\u003c/code\u003e values point at loopback or private-network URLs.\u003c/li\u003e\n\u003cli\u003eScript on the page dispatches synthetic \u003ccode\u003emouseover\u003c/code\u003e events on those links; no user hover is needed.\u003c/li\u003e\n\u003cli\u003eThe Summarize extension\u0026rsquo;s hover summary feature handles the synthetic \u003ccode\u003emouseover\u003c/code\u003e event without checking that it originated from the user.\u003c/li\u003e\n\u003cli\u003eThe extension issues an authenticated request to the daemon, carrying its stored token, for the hovered link target.\u003c/li\u003e\n\u003cli\u003eThe request is routed to the attacker-chosen local or private-network URL.\u003c/li\u003e\n\u003cli\u003eIf that URL is an internal endpoint that relies on network position rather than its own authorization checks, the request succeeds and the attacker gains access they could not obtain directly.\u003c/li\u003e\n\u003cli\u003eSuccessful exploitation allows the attacker to reach, and potentially read sensitive information from, the internal endpoint.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-45245 lets an attacker use a victim\u0026rsquo;s Summarize extension and daemon as a pivot: by placing loopback or private-network URLs behind hoverable links and hovering them synthetically, the attacker causes authenticated requests to be sent to hosts that are unreachable from the internet, bypassing perimeter network controls. The impact includes unauthorized access to internal resources and potential data exfiltration.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the Summarize extension to version 0.15.1 or later to remediate CVE-2026-45245.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Summarize Extension Synthetic Mouseover Event\u0026rdquo; to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eEducate users about the risks of untrusted webpages, while noting that because the attack uses synthetic events, user caution alone does not prevent it; upgrading is the only complete fix.\u003c/li\u003e\n\u003cli\u003eDevelopers of similar hover-triggered features should ignore events with \u003ccode\u003eisTrusted === false\u003c/code\u003e and refuse to forward requests to loopback, link-local or private address ranges.\u003c/li\u003e\n\u003c/ul\u003e\n",
      "date_modified": "2026-05-18T20:18:00Z",
      "date_published": "2026-05-18T20:18:00Z",
      "id": "https://feed.craftedsignal.io/briefs/2026-05-summarize-mouseover-rce/",
      "summary": "Summarize versions prior to 0.15.1 contain a vulnerability (CVE-2026-45245) in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events, triggering authenticated daemon requests and potentially exposing sensitive internal endpoints.",
      "title": "Summarize Extension Mouseover Authenticated Request Vulnerability (CVE-2026-45245)",
      "url": "https://feed.craftedsignal.io/briefs/2026-05-summarize-mouseover-rce/"
    },
    {
      "_cs_actors": [],
      "_cs_cpes": [],
      "_cs_cves": [{"cvss": 7.1, "id": "CVE-2026-45242"}],
      "_cs_exploited": false,
      "_cs_has_poc": false,
      "_cs_poc_references": [],
      "_cs_products": ["Summarize \u003c 0.15.1"],
      "_cs_severities": ["high"],
      "_cs_tags": ["cve-2026-45242", "path-traversal", "vulnerability", "web-application"],
      "_cs_type": "advisory",
      "_cs_vendors": ["Summarize"],
      "content_html": "\u003cp\u003eSummarize versions prior to 0.15.1 are susceptible to a path traversal vulnerability in the \u003ccode\u003e/v1/summarize\u003c/code\u003e daemon endpoint. The \u003ccode\u003eslidesDir\u003c/code\u003e request parameter is used to build file paths without being confined to the intended base directory, so an authenticated caller can supply an absolute path or a directory traversal sequence and have the daemon write \u003ccode\u003eslide_*.png\u003c/code\u003e and \u003ccode\u003eslides.json\u003c/code\u003e files into any directory the daemon process can write to, and subsequently delete files at that location. The file names are fixed and their contents are generated by the daemon, so the practical consequences are overwriting or deleting existing files at the chosen location, leading to denial of service or other unexpected behavior. Defenders should ensure that Summarize is updated to version 0.15.1 or later to mitigate this risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker authenticates to the Summarize daemon.\u003c/li\u003e\n\u003cli\u003eThe attacker sends an HTTP POST request to the \u003ccode\u003e/v1/summarize\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe request\u0026rsquo;s \u003ccode\u003eslidesDir\u003c/code\u003e parameter contains a traversal sequence (e.g., \u003ccode\u003e../../\u003c/code\u003e) or an absolute path pointing at a sensitive directory.\u003c/li\u003e\n\u003cli\u003eThe daemon uses \u003ccode\u003eslidesDir\u003c/code\u003e without normalizing it or checking that the resolved path stays inside the intended directory.\u003c/li\u003e\n\u003cli\u003eThe daemon writes \u003ccode\u003eslide_*.png\u003c/code\u003e and \u003ccode\u003eslides.json\u003c/code\u003e to the attacker-specified location.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a subsequent request that triggers the daemon\u0026rsquo;s file deletion step for the previously written paths.\u003c/li\u003e\n\u003cli\u003eThe daemon deletes the files at that location, causing data loss or service instability.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation allows authenticated attackers to write and delete files in any directory the Summarize daemon can write to. This can lead to data corruption or denial of service, and potentially to arbitrary code execution if combined with other vulnerabilities or misconfigurations; since the written files have fixed names and daemon-generated contents, the realistic outcome on its own is deletion or overwriting of existing files rather than direct code execution. The NVD rates this vulnerability with a CVSS v3.1 base score of 7.1, indicating high severity.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Summarize to version 0.15.1 or later to remediate CVE-2026-45242.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Summarize Path Traversal Attempt via slidesDir\u0026rdquo; to identify potential exploitation attempts by monitoring HTTP requests to the \u003ccode\u003e/v1/summarize\u003c/code\u003e endpoint for \u003ccode\u003eslidesDir\u003c/code\u003e values that are absolute or contain \u003ccode\u003e..\u003c/code\u003e segments.\u003c/li\u003e\n\u003cli\u003eIn code that accepts a directory name like \u003ccode\u003eslidesDir\u003c/code\u003e, reject absolute paths and \u003ccode\u003e..\u003c/code\u003e segments and verify that the resolved path still lies inside the intended base directory before writing or deleting anything.\u003c/li\u003e\n\u003cli\u003eUntil the daemon is upgraded, run it under an account whose write access is limited to the slides directory, so that a traversal cannot reach other files.\u003c/li\u003e\n\u003c/ul\u003e\n",
      "date_modified": "2026-05-18T19:18:09Z",
      "date_published": "2026-05-18T19:18:09Z",
      "id": "https://feed.craftedsignal.io/briefs/2026-05-summarize-path-traversal/",
      "summary": "Summarize versions prior to 0.15.1 are vulnerable to path traversal in the /v1/summarize daemon endpoint, allowing authenticated callers to write files to arbitrary directories via the slidesDir request parameter and subsequently delete files.",
      "title": "Summarize Path Traversal Vulnerability (CVE-2026-45242)",
      "url": "https://feed.craftedsignal.io/briefs/2026-05-summarize-path-traversal/"
    }
  ],
  "language": "en",
  "title": "CraftedSignal Threat Feed — Summarize \u003c 0.15.1",
  "version": "https://jsonfeed.org/version/1.1"
}
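The hover-summary flaw in the first brief (CVE-2026-45245) comes down to two missing checks: the handler fires on events that page script dispatched, and it forwards any link target, including loopback and private-network hosts. The following is an added example, not code from the Summarize extension, showing a hover gate that closes both gaps before an authenticated daemon request is made. The event objects are constructed stand-ins for DOM MouseEvents, and `requestSummary` is an assumed callback standing in for the extension's authenticated daemon call; the IP range checks go beyond the brief to cover the usual bypass forms (decimal IPv4, IPv4-mapped IPv6, link-local metadata addresses).

```javascript
// Added example (not Summarize's code): a hover-summary gate that refuses
// script-dispatched events and loopback/link-local/private link targets.

function ipv4Octets(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  return octets.every((n) => n <= 255) ? octets : null;
}

// Loopback, "this network", RFC 1918, and link-local (which includes the
// 169.254.169.254 cloud metadata address).
function isPrivateIpv4([a, b]) {
  return a === 127 || a === 10 || a === 0
    || (a === 172 && b >= 16 && b <= 31)
    || (a === 192 && b === 168)
    || (a === 169 && b === 254);
}

// `hostname` as produced by the WHATWG URL parser: lowercase, IPv4 already in
// dotted form (it normalizes "2130706433" to 127.0.0.1), IPv6 in brackets.
function isPrivateHostname(hostname) {
  const h = hostname.toLowerCase();
  if (h === 'localhost' || h.endsWith('.localhost') || h.endsWith('.local')) return true;
  let v4 = ipv4Octets(h);
  if (!v4 && h.startsWith('[') && h.endsWith(']')) {
    const v6 = h.slice(1, -1);
    // ::1 loopback, :: unspecified, fc00::/7 unique-local, fe80::/10 link-local
    if (v6 === '::1' || v6 === '::' || /^f[cd]/.test(v6) || /^fe[89ab]/.test(v6)) return true;
    if (v6.startsWith('::ffff:')) { // IPv4-mapped; serialized as ::ffff:7f00:1 or ::ffff:127.0.0.1
      const rest = v6.slice(7);
      if (rest.includes('.')) {
        v4 = ipv4Octets(rest);
      } else {
        const [hi, lo] = rest.split(':').map((g) => parseInt(g, 16));
        if (Number.isInteger(hi) && Number.isInteger(lo)) v4 = [hi >> 8, hi & 255, lo >> 8, lo & 255];
      }
    }
  }
  return Boolean(v4) && isPrivateIpv4(v4);
}

// Decide whether a mouseover may trigger a summary request at all.
function evaluateHoverTarget(event) {
  // Script-dispatched events carry isTrusted === false; a real hover carries true.
  if (!event || event.isTrusted !== true) return { allowed: false, reason: 'event not generated by the user' };
  const href = event.target && event.target.href;
  if (typeof href !== 'string') return { allowed: false, reason: 'target is not a link' };
  let url;
  try { url = new URL(href); } catch { return { allowed: false, reason: 'unparseable URL' }; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return { allowed: false, reason: `scheme ${url.protocol} not allowed` };
  if (isPrivateHostname(url.hostname)) return { allowed: false, reason: `private or loopback host ${url.hostname}` };
  return { allowed: true, reason: 'ok', url: url.href };
}

// The only place the stored daemon token would be spent. `requestSummary(url)`
// is an assumed callback standing in for the extension's authenticated call.
function onLinkHover(event, requestSummary) {
  const verdict = evaluateHoverTarget(event);
  if (!verdict.allowed) return null;
  return requestSummary(verdict.url);
}

// Constructed stand-in for a DOM MouseEvent. In a real content script the
// browser supplies isTrusted and target; never accept them from page script.
function fakeMouseover(isTrusted, href) {
  return { type: 'mouseover', isTrusted, target: { href } };
}

// Demo: what the attack page does versus what a genuine hover does.
function demo() {
  const requestSummary = (url) => `summary requested for ${url}`;
  return {
    syntheticToMetadata: onLinkHover(fakeMouseover(false, 'http://169.254.169.254/latest/meta-data/'), requestSummary),
    trustedToLoopback: onLinkHover(fakeMouseover(true, 'http://127.0.0.1:8765/v1/status'), requestSummary),
    trustedToPublic: onLinkHover(fakeMouseover(true, 'https://example.com/article'), requestSummary),
  };
}
```

The hostname check is a lexical filter on the URL and does not defend against a public name that resolves to a private address (DNS rebinding); the daemon that actually performs the fetch should repeat the check on the resolved address. The `isTrusted` check cannot be forged by page script, but it does not stop an attacker from luring a genuine hover with an overlay, which is why both checks are needed together.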
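The second brief (CVE-2026-45242) describes a `slidesDir` parameter that is joined into file paths without being confined to a base directory, and recommends a Sigma rule that watches `/v1/summarize` requests for traversal attempts. The following is an added example, not the Summarize daemon's code, showing both sides in Node.js: a `resolveSlidesDir` that rejects absolute paths and `..` segments and proves containment before any `slide_*.png` or `slides.json` path is built, and a log-line check that does what such a detection rule would do. The endpoint and parameter names come from the brief; the base directory `/srv/slides`, the JSON access-log format and the sample log lines are constructed for the example.

```javascript
// Added example (not Summarize's code): contain a user-supplied slides
// directory inside a base directory, and flag traversal attempts in request logs.
const path = require('path');

// Resolve `slidesDir` strictly inside `baseDir`. Returns the absolute path or
// throws. POSIX semantics are used explicitly so behaviour is platform-independent.
function resolveSlidesDir(baseDir, slidesDir) {
  if (typeof slidesDir !== 'string' || slidesDir.length === 0) {
    throw new Error('slidesDir must be a non-empty string');
  }
  if (slidesDir.includes('\0')) throw new Error('slidesDir contains a NUL byte');
  if (path.posix.isAbsolute(slidesDir) || /^[A-Za-z]:[\\/]/.test(slidesDir) || slidesDir.includes('\\')) {
    throw new Error('slidesDir must be a relative POSIX path');
  }
  // Reject ".." segments outright instead of relying on normalization alone.
  if (slidesDir.split('/').some((seg) => seg === '..')) {
    throw new Error('slidesDir must not contain ".." segments');
  }
  const base = path.posix.resolve(baseDir);
  const resolved = path.posix.resolve(base, slidesDir);
  // Containment: equal to base or a descendant of it. The trailing separator
  // matters, so "/srv/slides-evil" does not pass for base "/srv/slides".
  if (resolved !== base && !resolved.startsWith(base + '/')) {
    throw new Error('slidesDir escapes the slides base directory');
  }
  // Caveat: this is a lexical check. If untrusted users can create symlinks
  // under baseDir, follow up with fs.realpath on the created directory.
  return resolved;
}

// The file names the brief says the daemon writes, joined to the contained dir.
function slideOutputPaths(baseDir, slidesDir, slideCount) {
  const dir = resolveSlidesDir(baseDir, slidesDir);
  const files = [];
  for (let i = 0; i < slideCount; i++) files.push(path.posix.join(dir, `slide_${i}.png`));
  files.push(path.posix.join(dir, 'slides.json'));
  return files;
}

// Detection side. Assumed log format: one JSON object per line with "method",
// "path" and the decoded POST body under "body". Flags a slidesDir that is
// absolute or contains a ".." segment, after unwinding percent-encoding.
function isSlidesDirTraversalAttempt(logLine) {
  let rec;
  try { rec = JSON.parse(logLine); } catch { return false; }
  if (rec.method !== 'POST' || rec.path !== '/v1/summarize') return false;
  const raw = rec.body && rec.body.slidesDir;
  if (typeof raw !== 'string') return false;
  let value = raw;
  for (let i = 0; i < 3; i++) { // unwind a few layers of %2e%2e%2f-style encoding
    let decoded;
    try { decoded = decodeURIComponent(value); } catch { break; }
    if (decoded === value) break;
    value = decoded;
  }
  const normalized = value.replace(/\\/g, '/');
  return path.posix.isAbsolute(normalized)
    || /^[A-Za-z]:\//.test(normalized)
    || normalized.split('/').some((seg) => seg === '..');
}

// Constructed sample log lines (not real Summarize telemetry).
const SAMPLE_LOG = [
  '{"ts":"2026-05-18T19:00:01Z","method":"POST","path":"/v1/summarize","body":{"slidesDir":"deck-42"}}',
  '{"ts":"2026-05-18T19:00:02Z","method":"POST","path":"/v1/summarize","body":{"slidesDir":"../../../../tmp/pwn"}}',
  '{"ts":"2026-05-18T19:00:03Z","method":"POST","path":"/v1/summarize","body":{"slidesDir":"/etc/cron.d"}}',
  '{"ts":"2026-05-18T19:00:04Z","method":"POST","path":"/v1/summarize","body":{"slidesDir":"%2e%2e%2f%2e%2e%2fvar"}}',
  '{"ts":"2026-05-18T19:00:05Z","method":"GET","path":"/v1/health"}',
];

// Timestamps of the lines that look like exploitation attempts.
function flaggedLines(lines) {
  return lines.filter(isSlidesDirTraversalAttempt).map((l) => JSON.parse(l).ts);
}
```

The write and the later delete should both go through `resolveSlidesDir`; validating only on write and trusting a stored path on delete reopens the second half of the attack chain. The log check is deliberately broad (it flags any `..` segment, not only ones that escape the base), which is the right trade-off for a detection rule where a false positive costs an analyst a minute and a false negative costs the files.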