Summarize prior to 0.15.1 contains a missing authorization vulnerability in the content script window.postMessage bridge that allows malicious pages to perform unauthorized operations on automation artifacts. Attackers can simulate runtime messages with spoofed sender identifiers to list, read, create, overwrite, or delete automation artifacts scoped to the affected tab without proper authorization checks.
References
| Link | Resource |
|---|---|
| https://github.com/steipete/summarize/commit/357544063af535bd574752622f9eb94be33ee5fd | Patch |
| https://github.com/steipete/summarize/pull/222 | Exploit Issue Tracking Patch |
| https://github.com/steipete/summarize/releases/tag/v0.15.2 | Release Notes |
| https://www.vulncheck.com/advisories/summarize-browser-extension-missing-authorization-via-content-script | Third Party Advisory |
Configurations
History
19 May 2026, 01:34
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:steipete:summarize:*:*:*:*:*:*:*:* | |
| First Time |
Steipete summarize
Steipete |
|
| References | () https://github.com/steipete/summarize/commit/357544063af535bd574752622f9eb94be33ee5fd - Patch | |
| References | () https://github.com/steipete/summarize/pull/222 - Exploit, Issue Tracking, Patch | |
| References | () https://github.com/steipete/summarize/releases/tag/v0.15.2 - Release Notes | |
| References | () https://www.vulncheck.com/advisories/summarize-browser-extension-missing-authorization-via-content-script - Third Party Advisory |
18 May 2026, 19:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-05-18 19:16
Updated : 2026-05-19 01:34
NVD link : CVE-2026-45243
Mitre link : CVE-2026-45243
CVE.ORG link : CVE-2026-45243
JSON object : View
Products Affected
steipete
- summarize
CWE
CWE-862
Missing Authorization