https://feed.craftedsignal.io/products/summarize--0.15.1/Trending threats, MITRE ATT&CK coverage, and detection metadata. Fed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioMon, 18 May 2026 20:18:00 +0000https://feed.craftedsignal.io/briefs/2026-05-summarize-mouseover-rce/Mon, 18 May 2026 20:18:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-05-summarize-mouseover-rce/Summarize versions prior to 0.15.1 contain a vulnerability (CVE-2026-45245) in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events, triggering authenticated daemon requests and potentially exposing sensitive internal endpoints.Summarize, a browser extension, is vulnerable to an authenticated request forgery via synthetic mouseover events. Prior to version 0.15.1, the extension’s hover summary feature fails to validate the trustworthiness of mouseover events. This allows a malicious webpage to dispatch synthetic events over attacker-controlled links. Consequently, the extension makes authenticated daemon requests using stored tokens, potentially routing these requests to local or private-network URLs. This vulnerability, identified as CVE-2026-45245, could enable attackers to access sensitive internal endpoints when users interact with malicious content through the extension.

Attack Chain

1. Attacker crafts a malicious webpage containing attacker-controlled links.
2. The malicious webpage uses JavaScript to dispatch synthetic mouseover events targeting the attacker-controlled links.
3. The Summarize extension’s hover summary feature processes the synthetic mouseover event without proper validation.
4. The extension generates an authenticated request to the daemon, based on the link targeted by the mouseover event.
5. The attacker-controlled link points to a local or private network URL.
6. The extension routes the authenticated request to the specified local or private network URL.
7. If the local or private network URL corresponds to an internal endpoint without proper authorization checks, the attacker may gain unauthorized access.
8. Successful exploitation allows the attacker to read sensitive information from the internal endpoint.

Impact

Successful exploitation of CVE-2026-45245 can allow attackers to access sensitive internal endpoints through a user’s Summarize extension. By placing local or private-network URLs behind hoverable links, attackers can route authenticated requests through the daemon, bypassing network security measures. The impact includes unauthorized access to internal resources and potential data exfiltration.

Recommendation

• Upgrade the Summarize extension to version 0.15.1 or later to remediate CVE-2026-45245.
• Deploy the Sigma rule “Detect Summarize Extension Synthetic Mouseover Event” to identify potential exploitation attempts.
• Educate users about the risks of interacting with untrusted webpages and the potential for malicious mouseover events.

]]>highadvisorycve-2026-45245browser-extensionauthenticated-request-forgerymouseover-eventhttps://feed.craftedsignal.io/briefs/2026-05-summarize-path-traversal/Mon, 18 May 2026 19:18:09 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-05-summarize-path-traversal/Summarize versions prior to 0.15.1 are vulnerable to path traversal in the /v1/summarize daemon endpoint, allowing authenticated callers to write files to arbitrary directories via the slidesDir request parameter and subsequently delete files.Summarize versions prior to 0.15.1 are susceptible to a path traversal vulnerability in the /v1/summarize daemon endpoint. This flaw allows authenticated users to write arbitrary files to any directory on the system where the Summarize application has write permissions. The vulnerability is triggered by manipulating the slidesDir request parameter, enabling attackers to inject absolute paths or directory traversal sequences. This can be exploited to write slide_*.png and slides.json files to locations outside of the intended directory and subsequently delete them, potentially leading to denial of service or other unexpected behavior. Defenders should ensure that Summarize is updated to version 0.15.1 or later to mitigate this risk.

Attack Chain

1. Attacker authenticates to the Summarize application.
2. Attacker crafts a malicious HTTP POST request to the /v1/summarize endpoint.
3. The request includes a slidesDir parameter containing a path traversal sequence (e.g., ../../) or an absolute path pointing to a sensitive directory.
4. The Summarize application processes the request without proper sanitization of the slidesDir parameter.
5. The application writes slide_*.png and slides.json files to the attacker-specified location.
6. The attacker sends a subsequent request to trigger the file deletion functionality, targeting the previously written files.
7. The Summarize application deletes the files at the specified location, leading to potential data loss or system instability.

Impact

Successful exploitation allows authenticated attackers to write and delete files in arbitrary directories accessible to the Summarize application. This can lead to data corruption, denial of service, or potentially arbitrary code execution if combined with other vulnerabilities or misconfigurations. The NVD rates this vulnerability with a CVSS v3.1 base score of 7.1, indicating a high severity.

Recommendation

• Upgrade Summarize to version 0.15.1 or later to remediate CVE-2026-45242.
• Deploy the Sigma rule “Detect Summarize Path Traversal Attempt via slidesDir” to identify potential exploitation attempts by monitoring HTTP requests to the /v1/summarize endpoint.
• Implement input validation and sanitization on the slidesDir parameter to prevent path traversal attacks.

]]>highadvisorypath-traversalvulnerabilityweb-application