Summarize < 0.17.0 Disk Exhaustion via Uncapped Media Download

Advisories

severity: medium
date: 6/11/2026
Affecting: Summarize < 0.17.0
CVE: CVE-2026-53781
CWE: CWE-770 Allocation of Resources Without Limits or Throttling
CVSS: 5.3
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
References: Release Notes
Pull Request
Patch Commit
Credit: Chia Min Jun Lennon
Description: Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests. Attackers who control a podcast feed or media URL can stream an unbounded response to local storage via the temp-file download path, exhausting disk or system resources on the host running the CLI.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo