CVE Catalog

CVE-2026-53782

HighCVSS 7.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

10th percentile - higher than 10% of all known CVEs

Summary

The vulnerability in Summarize before version 0.17.0 allows attackers controlling a podcast RSS feed to direct the host to fetch transcript content from loopback addresses, link-local addresses, RFC 1918 private ranges, or other reserved destinations by supplying malicious podcast:transcript URL values.

Risk Assessment

Attackers can bypass protections through DNS rebinding and redirect-based techniques, exposing internal service responses through the summarization flow.

Recommendation

It is recommended to upgrade to the latest version of Summarize to eliminate this vulnerability and implement additional security measures to mitigate SSRF attacks.

Original NVD description (English source)

Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript content from loopback addresses, link-local addresses, RFC 1918 private ranges, or other reserved destinations by supplying malicious podcast:transcript URL values. Attackers can bypass protections through DNS rebinding and redirect-based techniques, as redirect targets are not revalidated and hostnames are not resolved before request dispatch, exposing internal service responses through the summarization flow.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS