{"id":"CVE-2026-53781","summary":"Summarize \u003c 0.17.0 Disk Exhaustion via Uncapped Media Download","details":"Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests. Attackers who control a podcast feed or media URL can stream an unbounded response to local storage via the temp-file download path, exhausting disk or system resources on the host running the CLI.","modified":"2026-07-08T08:13:45.194431535Z","published":"2026-06-11T19:11:49.211Z","database_specific":{"cwe_ids":["CWE-770"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53781.json","cna_assigner":"VulnCheck"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53781.json"},{"type":"ADVISORY","url":"https://github.com/steipete/summarize/releases/tag/v0.17.0"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-53781"},{"type":"ADVISORY","url":"https://www.vulncheck.com/advisories/summarize-disk-exhaustion-via-uncapped-media-download"},{"type":"REPORT","url":"https://github.com/steipete/summarize/pull/237"},{"type":"FIX","url":"https://github.com/steipete/summarize/commit/14de194c24c5e0fba4bdb4a6f7766eb6ea3ed750"},{"type":"PACKAGE","url":"https://github.com/steipete/summarize"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/steipete/summarize","events":[{"introduced":"0"},{"fixed":"a02245030f37b8a8d1d7bb6b0a151cb1890642d4"},{"fixed":"14de194c24c5e0fba4bdb4a6f7766eb6ea3ed750"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"0.17.0"}],"source":["DESCRIPTION","REFERENCES"]}}],"versions":["v0.16.3","v0.16.2","v0.16.1","v0.15.2","v0.15.1","v0.15.0","v0.14.1","v0.14.0","v0.13.1","v0.13.0","v0.12.0","v0.11.1","v0.10.0","v0.9.0","v0.8.2","v0.7.1","v0.7.0","v0.6.1","v0.6.0","v0.5.0","v0.4.0","v0.3.0","v0.2.0","v0.1.2","v0.1.1","v0.1.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53781.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"}]}