CVE-2026-53781
5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Summary
Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests. Attackers who control a podcast feed or media URL can stream an unbounded response to local storage via the temp-file download path, exhausting disk or system resources on the host running the CLI.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| steipete | summarize | 0 < 0.17.0 | affected |
Weaknesses
- CWE-770: Allocation of Resources Without Limits or Throttling
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/steipete/summarize/releases/tag/v0.17.0
- https://github.com/steipete/summarize/pull/237
- https://github.com/steipete/summarize/commit/14de194c24c5e0fba4bdb4a6f7766eb6ea3ed750
- https://www.vulncheck.com/advisories/summarize-disk-exhaustion-via-uncapped-media-download
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.