High severity · 7.1 · NVD Advisory · Published May 18, 2026 · Updated May 19, 2026
CVE-2026-45242
Description
Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolute path or directory traversal sequence in the slidesDir request parameter. Attackers can exploit this to write slide_*.png and slides.json files to any writable directory and subsequently delete matching files at the specified location through repeat extraction.
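A containment check for a caller-supplied output directory such as `slidesDir`, as an added example (it is not code from the Summarize project or its patch). The function name `resolveSlidesDir`, the helper `check`, and the root `/var/lib/summarize/slides` are hypothetical; the sample inputs are constructed.

```javascript
// Added example: hypothetical names and paths, not the project's own code.
const path = require("node:path").posix; // POSIX semantics so results match on any host

const SLIDES_ROOT = "/var/lib/summarize/slides"; // assumed daemon-owned output root

// Map a caller-supplied slidesDir onto a directory inside `root`, or throw.
// Every later write (slide_*.png, slides.json) and every cleanup/delete should
// use the returned path, never the raw request value.
function resolveSlidesDir(requested, root = SLIDES_ROOT) {
  if (typeof requested !== "string" || requested.length === 0) {
    throw new Error("slidesDir must be a non-empty string");
  }
  if (requested.includes("\0")) throw new Error("slidesDir contains a NUL byte");
  // Treat backslashes as separators so "..\\.." is caught as traversal too.
  const normalized = requested.replace(/\\/g, "/");
  // Absolute paths (POSIX or drive-letter form) would replace the root entirely.
  if (path.isAbsolute(normalized) || /^[A-Za-z]:/.test(normalized)) {
    throw new Error("slidesDir must be relative");
  }
  const base = path.resolve(root);
  const target = path.resolve(base, normalized);
  // Compare by relative path, not string prefix: a prefix test would accept
  // the sibling directory "/var/lib/summarize/slides-evil".
  const rel = path.relative(base, target);
  if (rel === ".." || rel.startsWith("../") || path.isAbsolute(rel)) {
    throw new Error("slidesDir escapes root");
  }
  // Lexical check only: if the root can contain symlinks, also compare
  // fs.realpath() of the created directory against the root before writing.
  return target;
}

// Convenience wrapper for the constructed samples below.
function check(requested) {
  try {
    return resolveSlidesDir(requested);
  } catch (e) {
    return "REJECTED: " + e.message;
  }
}

// Constructed request values: one benign, three that must be refused.
for (const s of ["job-42/slides", "/etc/cron.d", "../../home/user", "../slides-evil"]) {
  console.log(JSON.stringify(s), "->", check(s));
}
```
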
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| @steipete/summarize (npm) | < 0.15.0 | 0.15.0 |
References
- github.com/steipete/summarize/commit/ec8efd63295656fbfe8743620179c489bc5a242f (nvd; Patch; WEB)
- github.com/steipete/summarize/pull/220 (nvd; Exploit, Issue Tracking, Patch; WEB)
- github.com/advisories/GHSA-8jr4-6r33-phwm (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-45242 (ghsa; ADVISORY)
- www.vulncheck.com/advisories/summarize-path-traversal-via-slidesdir-parameter (nvd; Third Party Advisory; WEB)
- github.com/steipete/summarize/releases/tag/v0.15.1 (ghsa; WEB)
- github.com/steipete/summarize/releases/tag/v0.15.2 (nvd; Release Notes; WEB)