{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/summarize/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.4,"id":"CVE-2026-45245"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Summarize \u003c 0.15.1"],"_cs_severities":["high"],"_cs_tags":["cve-2026-45245","browser-extension","authenticated-request-forgery","mouseover-event"],"_cs_type":"advisory","_cs_vendors":["Summarize"],"content_html":"\u003cp\u003eSummarize, a browser extension, is vulnerable to an authenticated request forgery via synthetic mouseover events. Prior to version 0.15.1, the extension\u0026rsquo;s hover summary feature fails to validate the trustworthiness of mouseover events. This allows a malicious webpage to dispatch synthetic events over attacker-controlled links. Consequently, the extension makes authenticated daemon requests using stored tokens, potentially routing these requests to local or private-network URLs. This vulnerability, identified as CVE-2026-45245, could enable attackers to access sensitive internal endpoints when users interact with malicious content through the extension.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious webpage containing attacker-controlled links.\u003c/li\u003e\n\u003cli\u003eThe malicious webpage uses JavaScript to dispatch synthetic \u003ccode\u003emouseover\u003c/code\u003e events targeting the attacker-controlled links.\u003c/li\u003e\n\u003cli\u003eThe Summarize extension\u0026rsquo;s hover summary feature processes the synthetic \u003ccode\u003emouseover\u003c/code\u003e event without proper validation.\u003c/li\u003e\n\u003cli\u003eThe extension generates an authenticated request to the daemon, based on the link targeted by the \u003ccode\u003emouseover\u003c/code\u003e event.\u003c/li\u003e\n\u003cli\u003eThe attacker-controlled link points to a local or private network URL.\u003c/li\u003e\n\u003cli\u003eThe extension routes the authenticated request to the specified local or private network URL.\u003c/li\u003e\n\u003cli\u003eIf the local or private network URL corresponds to an internal endpoint without proper authorization checks, the attacker may gain unauthorized access.\u003c/li\u003e\n\u003cli\u003eSuccessful exploitation allows the attacker to read sensitive information from the internal endpoint.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-45245 can allow attackers to access sensitive internal endpoints through a user\u0026rsquo;s Summarize extension. By placing local or private-network URLs behind hoverable links, attackers can route authenticated requests through the daemon, bypassing network security measures. The impact includes unauthorized access to internal resources and potential data exfiltration.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the Summarize extension to version 0.15.1 or later to remediate CVE-2026-45245.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Summarize Extension Synthetic Mouseover Event\u0026rdquo; to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eEducate users about the risks of interacting with untrusted webpages and the potential for malicious mouseover events.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-18T20:18:00Z","date_published":"2026-05-18T20:18:00Z","id":"https://feed.craftedsignal.io/briefs/2026-05-summarize-mouseover-rce/","summary":"Summarize versions prior to 0.15.1 contain a vulnerability (CVE-2026-45245) in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events, triggering authenticated daemon requests and potentially exposing sensitive internal endpoints.","title":"Summarize Extension Mouseover Authenticated Request Vulnerability (CVE-2026-45245)","url":"https://feed.craftedsignal.io/briefs/2026-05-summarize-mouseover-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — Summarize","version":"https://jsonfeed.org/version/1.1"}