CVE-2026-45244

Name: CVE-2026-45244
Creator: NVD / NIST
Published: 2026-05-18T20:16:38.39+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

LOWCVSS 2.1/10EPSS 0.23%

Last modified Jun 17, 2026

CVE-2026-45244 is a low-severity vulnerability rated 2.1/10 on the CVSS scale. Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invoke enabled extension automation tools such as navigation or debugger-backed actions, bypassing the final user approval step when a user interacts with attacker-controlled content.. EPSS estimates a 0.23% chance of exploitation in the next 30 days.

Description

Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invoke enabled extension automation tools such as navigation or debugger-backed actions, bypassing the final user approval step when a user interacts with attacker-controlled content.

Metrics

CVSS 3.1

5.4/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CVSS 4.0

2.1/10

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.23%

13.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-862

Affected Software

Vendor	Product	Versions
Steipete	Summarize	< 0.15.1

References

https://github.com/steipete/summarize/commit/e64fe3ecd1bb4fdc181dcfa88c96b9e1914ced0ePatch
https://github.com/steipete/summarize/pull/219Exploit, Issue Tracking, Patch
https://github.com/steipete/summarize/releases/tag/v0.15.2Release Notes
https://www.vulncheck.com/advisories/summarize-unapproved-browser-automation-executionThird Party Advisory

Timeline

Published: May 18, 2026
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2026-45244?

How severe is CVE-2026-45244?

CVE-2026-45244 has a CVSS score of 2.1/10 (LOW severity). The EPSS model estimates a 0.23% probability of exploitation in the next 30 days.

How do I fix CVE-2026-45244?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2026-45244?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST