Description
Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript content from loopback addresses, link-local addresses, RFC 1918 private ranges, or other reserved destinations by supplying malicious podcast:transcript URL values. Attackers can bypass protections through DNS rebinding and redirect-based techniques, as redirect targets are not revalidated and hostnames are not resolved before request dispatch, exposing internal service responses through the summarization flow.
Published: 2026-06-11
Score: 6.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Summarize before version 0.17.0 is vulnerable to a server-side request forgery that allows an attacker who controls a podcast RSS feed to supply malicious podcast:transcript URLs pointing to loopback, link-local, RFC 1918, or other reserved addresses. DNS rebinding and redirect-based techniques can bypass the application's protections because redirect targets are not revalidated and hostnames are not resolved before the request is dispatched, causing internal service responses to be exposed through the summarization flow.

Affected Systems

The vulnerability affects the steipete Summarize product. All releases prior to 0.17.0 are vulnerable.

Risk and Exploitability

The CVSS score is 6.3. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to supply a malicious podcast feed; the attacker can then instruct the host to fetch data from internal or restricted addresses, potentially exposing sensitive data or internal network services. The risk level is moderate to high, with a clear path to internal resource disclosure.

Generated by OpenCVE AI on June 11, 2026 at 22:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Summarize to version 0.17.0 or later.
  • Block or filter outgoing requests to loopback, RFC 1918, link-local, and other reserved IP ranges in the host's network configuration or firewall.
  • Implement server-side URL validation that resolves the hostname before the request is dispatched, rejects loopback, link-local, RFC 1918 and other reserved address ranges, and explicitly revalidates every HTTP redirect target before following it.
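The validation step in the last bullet, as an added example that is not part of the OpenCVE record or of the Summarize project's code: a transcript fetcher that resolves the hostname before dispatch, rejects the reserved address classes named in the description, pins the validated IP so a second DNS answer cannot rebind the request, and revalidates each redirect target instead of letting the HTTP client follow it. The `send` transport callback and the injectable `resolver` are assumed interfaces, not anything the project exposes.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlparse

class UnsafeUrl(ValueError):
    """A transcript URL, or a redirect target, points at a non-public destination."""

def system_resolver(host):
    # Every A/AAAA answer must pass: an attacker-controlled name can return several.
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def validate_url(url, resolver=system_resolver):
    """Return (hostname, pinned_ip) for a URL that is safe to fetch; the name is
    resolved here, before dispatch, and the caller must connect to the pinned IP
    (with Host from the URL) so a later DNS answer cannot rebind the request."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise UnsafeUrl(f"unsupported or hostless URL: {url!r}")
    host = parts.hostname  # IPv6 literals are returned without brackets
    try:
        addrs = {ipaddress.ip_address(host)}
    except ValueError:
        addrs = {ipaddress.ip_address(a) for a in resolver(host)}
    if not addrs:
        raise UnsafeUrl(f"{host} did not resolve")
    for addr in addrs:
        if addr.version == 6 and addr.ipv4_mapped:  # ::ffff:10.0.0.5 is still 10.0.0.5
            addr = addr.ipv4_mapped
        if (addr.is_loopback or addr.is_link_local or addr.is_private
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified
                or not addr.is_global):
            raise UnsafeUrl(f"{host} resolves to non-public address {addr}")
    return host, min(str(a) for a in addrs)

def fetch_transcript(url, send, resolver=system_resolver, max_redirects=3):
    """Follow redirects by hand so every Location target is validated like the first URL.

    send(url, pinned_ip) is an assumed transport callback: one request to pinned_ip,
    no automatic redirects, returning (status, headers_with_lowercase_names, body).
    """
    for _ in range(max_redirects + 1):
        _, ip = validate_url(url, resolver)
        status, headers, body = send(url, ip)
        if status in (301, 302, 303, 307, 308) and "location" in headers:
            url = urljoin(url, headers["location"])  # relative targets resolved, then rechecked
            continue
        return url, body
    raise UnsafeUrl("too many redirects")
```

Blocking reserved ranges at the firewall (previous bullet) remains worthwhile as a second layer, since the check above only protects requests that go through this fetcher.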

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 22:30:00 +0000

Type                | Values Removed | Values Added
First Time appeared |                | Steipete; Steipete summarize
Vendors & Products  |                | Steipete; Steipete summarize

Thu, 11 Jun 2026 20:00:00 +0000

Type        | Values Removed | Values Added
Description |                | Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript content from loopback addresses, link-local addresses, RFC 1918 private ranges, or other reserved destinations by supplying malicious podcast:transcript URL values. Attackers can bypass protections through DNS rebinding and redirect-based techniques, as redirect targets are not revalidated and hostnames are not resolved before request dispatch, exposing internal service responses through the summarization flow.
Title       |                | Summarize < 0.17.0 SSRF via podcast:transcript URL fetch
Weaknesses  |                | CWE-918
References  |                |
Metrics     |                | cvssV3_1: {'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N'}
            |                | cvssV4_0: {'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-11T19:24:01.385Z

Reserved: 2026-06-10T20:14:32.826Z

Link: CVE-2026-53782

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2026-06-11T20:16:25.787

Modified: 2026-06-11T20:50:49.480

Link: CVE-2026-53782

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-11T22:15:09Z

Weaknesses
  • CWE-918: Server-Side Request Forgery (SSRF)