CVE-2026-53781
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk22th percentile — higher than 22% of all known CVEs
Summary
The vulnerability in Summarize before version 0.17.0 allows remote attackers to exhaust disk resources by serving media responses that bypass the enforced size limits. This can occur through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests.
Risk Assessment
Attackers controlling a podcast feed or media URL can stream unbounded responses to local storage, exhausting disk or system resources on the host running the CLI.
Recommendation
It is recommended to upgrade to version 0.17.0 or later and to monitor and restrict access to podcast feeds and media URLs to prevent potential attacks.
Original NVD description (English source)
Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests. Attackers who control a podcast feed or media URL can stream an unbounded response to local storage via the temp-file download path, exhausting disk or system resources on the host running the CLI.

