CVE-2026-45244

Source
https://cve.org/CVERecord?id=CVE-2026-45244
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45244.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-45244
Aliases
Published
2026-05-18T18:57:32.327Z
Modified
2026-07-08T08:13:29.960153466Z
Severity
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator
Summary
Summarize < 0.15.1 Unapproved Browser Automation Execution
Details

Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invoke enabled extension automation tools such as navigation or debugger-backed actions, bypassing the final user approval step when a user interacts with attacker-controlled content.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45244.json",
    "cna_assigner": "VulnCheck",
    "cwe_ids": [
        "CWE-862"
    ]
}
References

Affected packages

Git / github.com/steipete/summarize

Affected ranges

Type
GIT
Repo
https://github.com/steipete/summarize
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:steipete:summarize:*:*:*:*:*:*:*:*",
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.15.1"
        }
    ]
}

Affected versions

v0.*
v0.1.0
v0.1.1
v0.1.2
v0.10.0
v0.11.1
v0.12.0
v0.13.0
v0.13.1
v0.14.0
v0.14.1
v0.15.0
v0.15.1
v0.2.0
v0.3.0
v0.4.0
v0.5.0
v0.6.0
v0.6.1
v0.7.0
v0.7.1
v0.8.2
v0.9.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45244.json"