Medium severity 5.5 · NVD Advisory · Published May 18, 2026 · Updated May 19, 2026
CVE-2026-45246
Description
Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default filesystem permissions. When the refresh-free path rewrites the configuration file, it creates the replacement with default process umask permissions instead of preserving the original file permissions, exposing the config file containing API keys and provider credentials to other local users on shared Unix-like systems.
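The failure mode in the description, shown next to a mode-preserving rewrite. This is an added example, not code from the summarize project or its patch; the write-then-rename shape, the function names, the file name and the contents are assumptions constructed for illustration.

```javascript
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// Pattern the description warns about: the replacement is a brand-new file,
// so its mode is 0666 & ~umask, whatever the original config had.
function rewriteWithDefaultMode(file, contents) {
  const tmp = `${file}.tmp`;
  fs.writeFileSync(tmp, contents);
  fs.renameSync(tmp, file);
}

// Hardened pattern: create the replacement owner-only, then copy the
// original permission bits onto it before it takes the original's place.
function rewritePreservingMode(file, contents) {
  const prev = fs.statSync(file, { throwIfNoEntry: false });
  const mode = prev ? prev.mode & 0o777 : 0o600; // owner-only if no config yet
  const tmp = `${file}.${process.pid}.tmp`;
  const fd = fs.openSync(tmp, "wx", 0o600); // "wx": fail if tmp already exists
  try {
    fs.writeFileSync(fd, contents);
    fs.fchmodSync(fd, mode); // an explicit chmod is not filtered by umask
    fs.fsyncSync(fd);
  } finally {
    fs.closeSync(fd);
  }
  fs.renameSync(tmp, file);
}

// Runs both rewrites on a 0600 config under a typical 022 umask and
// returns the permission bits left on the config after each one.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "cfg-demo-"));
  const file = path.join(dir, "config.json");
  const oldMask = process.umask(0o022);
  try {
    fs.writeFileSync(file, '{"apiKey":"constructed-placeholder"}', { mode: 0o600 });
    rewritePreservingMode(file, '{"apiKey":"constructed-placeholder-2"}');
    const hardened = fs.statSync(file).mode & 0o777;
    rewriteWithDefaultMode(file, '{"apiKey":"constructed-placeholder-3"}');
    const vulnerable = fs.statSync(file).mode & 0o777;
    return { hardened, vulnerable };
  } finally {
    process.umask(oldMask);
    fs.rmSync(dir, { recursive: true, force: true });
  }
}

console.log(Object.entries(demo()).map(([k, m]) => `${k}: ${m.toString(8)}`).join(", "));
```

On a shared host, the same comparison (`stat` on the config before and after a rewrite) is a quick check for whether an installed version still widens the file's mode.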
Affected products (3)
Patches
Vulnerability mechanics
References (4)
- github.com/steipete/summarize/commit/9e990193650a23dab73f37d5e1964d574a44098b (nvd: Patch)
- github.com/steipete/summarize/pull/217 (nvd: Exploit, Issue Tracking, Patch)
- www.vulncheck.com/advisories/summarize-insecure-file-permissions-information-disclosure (nvd: Third Party Advisory)
- github.com/steipete/summarize/releases/tag/v0.15.2 (nvd: Release Notes)