PT-2026-41719 · Summarize · Summarize

Published: 2026-05-18 · Updated: 2026-05-20 · CVE-2026-45242

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Name of the Vulnerable Software and Affected Versions

Summarize versions prior to 0.15.1

Description

A path traversal issue exists in the '/v1/summarize' daemon endpoint. Authenticated users can write files to arbitrary directories by providing an absolute path or directory traversal sequence in the slidesDir request parameter. This allows the creation of slide *.png and slides.json files in any writable directory, and subsequent deletion of matching files at that location through repeat extraction.

Recommendations

Update to version 0.15.1 or later. As a temporary mitigation, restrict access to the '/v1/summarize' endpoint or avoid using the slidesDir parameter.
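
A containment check for a client-supplied slidesDir value, as an added example; it is not the Summarize project's code or its actual fix. It assumes a Node.js daemon, and `SLIDES_ROOT`, `resolveSlidesDir` and `check` are hypothetical names.

```javascript
// Added example (not project code): confine a client-supplied slidesDir
// to a fixed output root before any slide *.png / slides.json is written.
const path = require('node:path');

// Hypothetical output root; the advisory does not name the real one.
const SLIDES_ROOT = '/var/lib/summarize/slides';

function resolveSlidesDir(slidesDir, root = SLIDES_ROOT) {
  if (typeof slidesDir !== 'string' || slidesDir === '' || slidesDir.includes('\0')) {
    throw new Error('slidesDir must be a non-empty string');
  }
  // An absolute path makes path.resolve() discard the root entirely.
  if (path.isAbsolute(slidesDir)) {
    throw new Error('slidesDir must be a relative path');
  }
  const base = path.resolve(root);
  const target = path.resolve(base, slidesDir); // collapses any ../ segments
  const rel = path.relative(base, target);
  // Design choice in this example: require a subdirectory, never the root
  // itself, so repeat extraction cannot delete files shared across jobs.
  const escapes = rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  if (rel === '' || escapes) {
    throw new Error('slidesDir must name a subdirectory of the slides root');
  }
  // This check is lexical only. If entries under the root can be symlinks,
  // also compare fs.realpathSync() of the target's parent against the root.
  return target;
}

// Wrapper that reports the decision instead of throwing.
function check(slidesDir) {
  try {
    return { ok: true, dir: resolveSlidesDir(slidesDir) };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}

// Constructed sample inputs covering both forms named in the description
// (absolute path, traversal sequence) plus benign values.
const SAMPLES = ['job-42', 'job-42/../job-43', '../../etc', '/tmp/out', 'a/../../b', '..hidden', '.'];
for (const s of SAMPLES) {
  console.log(JSON.stringify(s), '->', JSON.stringify(check(s)));
}
```
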

Weakness Enumeration

Missing Authorization

Related Identifiers

CVE-2026-45242
GHSA-8JR4-6R33-PHWM

Affected Products

Summarize