CVE Catalog

CVE-2026-53781

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.07%

22th percentile — higher than 22% of all known CVEs

Summary

The vulnerability in Summarize before version 0.17.0 allows remote attackers to exhaust disk resources by serving media responses that bypass the enforced size limits. This can occur through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests.

Risk Assessment

Attackers controlling a podcast feed or media URL can stream unbounded responses to local storage, exhausting disk or system resources on the host running the CLI.

Recommendation

It is recommended to upgrade to version 0.17.0 or later and to monitor and restrict access to podcast feeds and media URLs to prevent potential attacks.

Original NVD description (English source)

Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests. Attackers who control a podcast feed or media URL can stream an unbounded response to local storage via the temp-file download path, exhausting disk or system resources on the host running the CLI.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS