CVE-2026-53781 MEDIUM

CVE-2026-53781: Summarize < 0.17.0 Disk Exhaustion via Uncapped Media Download

Vendor Steipete
Product summarize
Weakness CWE-770 · Uncontrolled resource consumption
Published June 11, 2026
Last update June 12, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests. Attackers who control a podcast feed or media URL can stream an unbounded response to local storage via the temp-file download path, exhausting disk or system resources on the host running the CLI.

Key dates

02Disclosure timeline

June 11, 2026 CVE published
June 12, 2026 Record updated