MEDIUM 6.1 npm
Summarize contains a missing authorization vulnerability
GHSA-5624-2pmv-jx46 · CVE-2026-45243
Description
Summarize prior to 0.15.0 contains a missing authorization vulnerability in the content script window.postMessage bridge that allows malicious pages to perform unauthorized operations on automation artifacts. Attackers can simulate runtime messages with spoofed sender identifiers to list, read, create, overwrite, or delete automation artifacts scoped to the affected tab without proper authorization checks.
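The bug class described above, as an added example (not code from Summarize or from the advisory): a handler that trusts a sender identifier carried inside a `window.postMessage` payload, next to one that ignores it. The message shape, operation names, extension ID and token are hypothetical, and the token is assumed to be held only by the extension's own code.

```javascript
// Added illustration. Every name, message field and value here is hypothetical.
const EXTENSION_ID = "constructed-extension-id";
const KNOWN_OPS = new Set([
  "artifact.list", "artifact.read", "artifact.create",
  "artifact.overwrite", "artifact.delete",
]);

// Vulnerable pattern: authorization rests on a field inside the payload.
// Any script running in the page sets that field to whatever it likes.
function vulnerableAuthorize(event) {
  const msg = event.data;
  return Boolean(msg && msg.sender && msg.sender.id === EXTENSION_ID);
}

// Hardened pattern: the self-declared sender is never consulted.
// source/origin checks drop messages from frames and other origins; the
// per-injection token is the actual gate, because the page's own scripts
// share this window and origin.
function hardenedAuthorize(event, ctx) {
  const msg = event.data;
  if (event.source !== ctx.window) return { ok: false, reason: "foreign-source" };
  if (event.origin !== ctx.origin) return { ok: false, reason: "origin-mismatch" };
  if (typeof msg !== "object" || msg === null) return { ok: false, reason: "malformed" };
  if (!KNOWN_OPS.has(msg.op)) return { ok: false, reason: "unknown-op" };
  if (typeof msg.token !== "string" || msg.token !== ctx.token) {
    return { ok: false, reason: "bad-token" };
  }
  return { ok: true, reason: "authorized" };
}

// Constructed sample events (plain objects standing in for MessageEvent).
const pageWindow = { name: "constructed-top-window" };
const frameWindow = { name: "constructed-iframe" };
const ctx = {
  window: pageWindow,
  origin: "https://example.test",
  token: "constructed-per-injection-secret",
};
const base = { source: pageWindow, origin: ctx.origin };
const spoofed = { ...base, data: { op: "artifact.delete", sender: { id: EXTENSION_ID } } };
const legit = { ...base, data: { op: "artifact.read", token: ctx.token } };
const fromFrame = { ...legit, source: frameWindow };

function runSamples() {
  return [spoofed, legit, fromFrame].map((e) => ({
    vulnerable: vulnerableAuthorize(e),
    hardened: hardenedAuthorize(e, ctx).reason,
  }));
}
```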
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-45243
- WEB https://github.com/steipete/summarize/pull/222
- WEB https://github.com/steipete/summarize/commit/357544063af535bd574752622f9eb94be33ee5fd
- PACKAGE https://github.com/steipete/summarize
- WEB https://github.com/steipete/summarize/releases/tag/v0.15.1
- WEB https://github.com/steipete/summarize/releases/tag/v0.15.2
- WEB https://www.vulncheck.com/advisories/summarize-browser-extension-missing-authorization-via-content-script