What is GHSA-5624-2pmv-jx46?

GHSA-5624-2pmv-jx46 is a security advisory published by GitHub Security Advisories with Medium severity. Summarize contains a missing authorization vulnerability

Which CVE IDs does GHSA-5624-2pmv-jx46 cover?

GHSA-5624-2pmv-jx46 covers the following CVE IDs: CVE-2026-45243. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-5624-2pmv-jx46?

GHSA-5624-2pmv-jx46 has a CVSS v3 base score of 6.1, published by GitHub Security Advisories.

Which products are affected by GHSA-5624-2pmv-jx46?

GHSA-5624-2pmv-jx46 affects 1 product, including: npm/@steipete/summarize:\u003c 0.15.0.

GHSA-5624-2pmv-jx46MediumCVSS 6.1

Summarize contains a missing authorization vulnerability

Vendor

GitHub Security Advisories

Published

May 18, 2026

Last Modified

May 29, 2026

🔗 CVE IDs covered (1)

CVE-2026-45243 →

📋 Description

Summarize prior to 0.15.0 contains a missing authorization vulnerability in the content script window.postMessage bridge that allows malicious pages to perform unauthorized operations on automation artifacts. Attackers can simulate runtime messages with spoofed sender identifiers to list, read, create, overwrite, or delete automation artifacts scoped to the affected tab without proper authorization checks.

🎯 Affected products1

npm/@steipete/summarize:< 0.15.0

🔗 References (7)

https://nvd.nist.gov/vuln/detail/CVE-2026-45243
https://github.com/steipete/summarize/pull/222
https://github.com/steipete/summarize/commit/357544063af535bd574752622f9eb94be33ee5fd
https://github.com/steipete/summarize/releases/tag/v0.15.2
https://www.vulncheck.com/advisories/summarize-browser-extension-missing-authorization-via-content-script
https://github.com/steipete/summarize/releases/tag/v0.15.1
https://github.com/advisories/GHSA-5624-2pmv-jx46