Vulnerability Description
Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invoke enabled extension automation tools such as navigation or debugger-backed actions, bypassing the final user approval step when a user interacts with attacker-controlled content.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Steipete | Summarize | < 0.15.1 |
Related Weaknesses (CWE)
References
- https://github.com/steipete/summarize/commit/e64fe3ecd1bb4fdc181dcfa88c96b9e1914Patch
- https://github.com/steipete/summarize/pull/219ExploitIssue TrackingPatch
- https://github.com/steipete/summarize/releases/tag/v0.15.2Release Notes
- https://www.vulncheck.com/advisories/summarize-unapproved-browser-automation-exeThird Party Advisory
FAQ
What is CVE-2026-45244?
CVE-2026-45244 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation featur...
How severe is CVE-2026-45244?
CVE-2026-45244 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-45244?
Check the references section above for vendor advisories and patch information. Affected products include: Steipete Summarize.