PT-2026-41725 · Steipete · Summarize
Published
2026-05-18
·
Updated
2026-05-20
·
CVE-2026-45246
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Summarize versions prior to 0.15.1
Description
An insecure file permission issue exists in the refresh-free configuration rewrite path. When the software rewrites the configuration file, it creates the replacement using default process umask permissions rather than preserving the original file permissions. This allows local users on shared Unix-like systems to read sensitive credentials, such as API keys and provider credentials, stored within the configuration file.
Recommendations
Update to version 0.15.1.
Fix
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Summarize