CVE-2026-45242: Summarize Daemon Path Traversal Vulnerability

The National Vulnerability Database (NVD) has disclosed CVE-2026-45242, a high-severity path traversal vulnerability in versions prior to 0.15.1 of the Summarize daemon. This flaw resides in the /v1/summarize endpoint, allowing authenticated callers to write files to arbitrary directories.

Attackers can exploit this by injecting absolute paths or directory traversal sequences into the slidesDir request parameter. This enables them to write slide_*.png and slides.json files to any writable directory. A subsequent extraction operation can then be used to delete matching files at the specified location, indicating a potential for both unauthorized file creation and deletion.

The NVD assigns a CVSS score of 7.1 (High) to this vulnerability. While the NVD does not specify affected products, the core issue is a fundamental path traversal (CWE-862) that can have significant impact on system integrity and availability, allowing attackers to manipulate file systems beyond intended boundaries.

What This Means For You

  • If your organization uses the Summarize daemon, specifically versions prior to 0.15.1, you are exposed. This path traversal isn't just a nuisance; it's a direct path to arbitrary file write and delete, potentially leading to privilege escalation, data corruption, or denial of service. Identify all instances of this daemon in your environment immediately and prioritize patching to version 0.15.1 or later. Review file system integrity monitoring for unexpected file creations or deletions in critical directories.
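The pattern behind the bug and its fix, as an added illustration that is not the Summarize daemon's own code (function names, the base directory and the sample slidesDir values are constructed): the vulnerable resolver lets the caller's slidesDir decide where slide_*.png and slides.json land, while the hardened resolver confines it to the service's slide directory.

```python
import os
import tempfile

# Constructed request values of the kinds the advisory describes: a normal job
# directory, an absolute path, and a traversal sequence. Not taken from real traffic.
SAMPLE_SLIDES_DIRS = ["job-42", "/var/tmp/elsewhere", "../../var/tmp/elsewhere"]


def vulnerable_slides_dir(base_dir: str, user_value: str) -> str:
    """The bug class: os.path.join discards base_dir when user_value is absolute,
    and '..' segments are never checked, so the caller picks the directory that
    slide_*.png and slides.json are written to (and later deleted from)."""
    return os.path.normpath(os.path.join(base_dir, user_value))


def safe_slides_dir(base_dir: str, user_value: str) -> str:
    """Hardened resolver (hypothetical): reject absolute paths, resolve symlinks,
    and require the resolved target to stay inside base_dir. Using the same
    resolver for the write and the later cleanup closes both the create and
    the delete side of the issue."""
    if not user_value or os.path.isabs(user_value):
        raise ValueError("slidesDir must be a non-empty relative path")
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_value))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("slidesDir escapes the slides base directory")
    return target


def classify_requests(base_dir: str, values=SAMPLE_SLIDES_DIRS) -> dict:
    """Map each candidate slidesDir to 'accepted' or 'rejected' under the hardened resolver."""
    outcome = {}
    for value in values:
        try:
            safe_slides_dir(base_dir, value)
            outcome[value] = "accepted"
        except ValueError:
            outcome[value] = "rejected"
    return outcome


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for value in SAMPLE_SLIDES_DIRS:
            print(f"{value!r}: vulnerable -> {vulnerable_slides_dir(base, value)}, "
                  f"hardened -> {classify_requests(base, [value])[value]}")
```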

Indicators of Compromise

ID              Type            Indicator
CVE-2026-45242  Path Traversal  Summarize prior to 0.15.1
CVE-2026-45242  Path Traversal  Vulnerable endpoint: /v1/summarize
CVE-2026-45242  Path Traversal  Vulnerable parameter: slidesDir
CVE-2026-45242  Path Traversal  Affected files: slide_*.png, slides.json
Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 18, 2026 at 22:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
