CVE-2026-45243 MEDIUM

CVE-2026-45243: Summarize < 0.15.1 Browser Extension Missing Authorization via Content Script

Vendor Steipete

Product summarize

Weakness CWE-862 · Missing authorization

Published May 18, 2026

Last update May 19, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Summarize prior to 0.15.1 contains a missing authorization vulnerability in the content script window.postMessage bridge that allows malicious pages to perform unauthorized operations on automation artifacts. Attackers can simulate runtime messages with spoofed sender identifiers to list, read, create, overwrite, or delete automation artifacts scoped to the affected tab without proper authorization checks.

Key dates

02Disclosure timeline

May 18, 2026 CVE published

May 19, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-45243 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2025-12081 ACF Photo Gallery Field <= 3.0 - Missing Authorization to Authenticated (Subscriber+) Attachment Metadata Modification CVE-2024-1771 Total <= 2.1.59 - Missing Authorization to Authenticated (Subscriber+) Sections Update CVE-2024-43157 WordPress FormCraft plugin <= 1.2.10 - Broken Access Control vulnerability CVE-2022-45352 WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability CVE-2025-9202 ColorMag <= 4.0.19 - Missing Authorization to Authenticated (Subscriber+) ThemeGrill Demo Importer Plugin Installation