PT-2026-39728 · Summarize · Summarize

Hinotoi-Agent

·

Published

2026-05-11

·

Updated

2026-05-11

·

CVE-2026-45222

CVSS v4.0

6.9

Medium

VectorAV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions Summarize versions prior to 0.14.1
Description The software creates the daemon configuration directory and file using default filesystem permissions that may be world-readable on Unix-like systems. This allows local attackers to read the ~/.summarize/daemon.json file, which contains bearer tokens and persisted provider API credentials. By exploiting these permissive permissions, an attacker can gain unauthorized access to the daemon or recover sensitive API keys.
Recommendations Update to the version containing commit 0cfb0fb.

Exploit

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-45222
GHSA-QP7V-GJGG-4MJ6

Affected Products

Summarize