Description
Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json. A local attacker can exploit these permissive permissions to read the daemon bearer token and persisted provider credentials, enabling unauthorized access to the daemon or recovery of sensitive API keys.
Published: 2026-05-11
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from the daemon configuration directory and file being created with default Unix permissions that can be world-readable, allowing a local user to read bearer tokens and API credentials stored in ~/.summarize/daemon.json. This local attacker can obtain the daemon bearer token and persisted provider credentials, providing unauthorized access to the daemon or enabling recovery of sensitive API keys.

Affected Systems

The affected product is steipete: summarize, versions up to and including 0.14.1. The fix was introduced in commit 0cfb0fb, which correctly sets restrictive permissions for the configuration file.

Risk and Exploitability

The CVSS score of 6.9 classifies this vulnerability as medium severity. No EPSS score is available, and it is not listed in the CISA KEV catalog. The attack vector is local: based on the description, any other local user on the same system can read the world-readable configuration file and extract the bearer token and stored API credentials, which can then be used to gain unauthorized access to the daemon or to recover sensitive keys.

Generated by OpenCVE AI on May 11, 2026 at 19:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to the version that includes commit 0cfb0fb or later to apply the permission fix.
  • Change the permissions of the existing ~/.summarize/daemon.json file to restrict access to the owner only (e.g., chmod 600 ~/.summarize/daemon.json).
  • If possible, configure the daemon to avoid storing bearer tokens or API credentials in a file or to encrypt them before writing.

Generated by OpenCVE AI on May 11, 2026 at 19:51 UTC.

Tracking


Advisories
Source        ID                     Title
Github GHSA   GHSA-qp7v-gjgg-4mj6    @steipete/summarize allows local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json
History

Tue, 12 May 2026 10:45:00 +0000

Type                  Values Removed    Values Added
First Time appeared                     Steipete; Steipete summarize
Vendors & Products                      Steipete; Steipete summarize

Mon, 11 May 2026 20:15:00 +0000

Type                  Values Removed    Values Added
Metrics                                 ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 11 May 2026 18:45:00 +0000

Type                  Values Removed    Values Added
Description                             Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json. A local attacker can exploit these permissive permissions to read the daemon bearer token and persisted provider credentials, enabling unauthorized access to the daemon or recovery of sensitive API keys.
Title                                   Summarize Insecure Daemon Configuration File Permissions
Weaknesses                              CWE-732
References
Metrics                                 cvssV3_1: {'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N'}
                                        cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

Steipete Summarize
MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-11T19:17:42.927Z

Reserved: 2026-05-11T14:14:49.611Z

Link: CVE-2026-45222

Vulnrichment

Updated: 2026-05-11T19:17:31.897Z

NVD

Status: Deferred

Published: 2026-05-11T19:16:27.313

Modified: 2026-05-13T15:30:24.603

Link: CVE-2026-45222

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T09:22:40Z

Weaknesses