{"id":"CVE-2026-53782","summary":"Summarize \u003c 0.17.0 SSRF via podcast:transcript URL fetch","details":"Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript content from loopback addresses, link-local addresses, RFC 1918 private ranges, or other reserved destinations by supplying malicious podcast:transcript URL values. Attackers can bypass protections through DNS rebinding and redirect-based techniques, as redirect targets are not revalidated and hostnames are not resolved before request dispatch, exposing internal service responses through the summarization flow.","modified":"2026-07-08T08:13:44.332505013Z","published":"2026-06-11T19:17:19.575Z","database_specific":{"cwe_ids":["CWE-918"],"cna_assigner":"VulnCheck","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53782.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53782.json"},{"type":"ADVISORY","url":"https://github.com/steipete/summarize/releases/tag/v0.17.0"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-53782"},{"type":"ADVISORY","url":"https://www.vulncheck.com/advisories/summarize-ssrf-via-podcast-transcript-url-fetch"},{"type":"REPORT","url":"https://github.com/steipete/summarize/pull/239"},{"type":"FIX","url":"https://github.com/steipete/summarize/commit/3c5522440c4833dde033e226baa39e6dda1dfc75"},{"type":"PACKAGE","url":"https://github.com/steipete/summarize"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/steipete/summarize","events":[{"introduced":"0"},{"fixed":"a02245030f37b8a8d1d7bb6b0a151cb1890642d4"},{"fixed":"3c5522440c4833dde033e226baa39e6dda1dfc75"}],"database_specific":{"source":["DESCRIPTION","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"0.17.0"}]}}],"versions":["v0.16.3","v0.16.2","v0.16.1","v0.15.2","v0.15.1","v0.15.0","v0.14.1","v0.14.0","v0.13.1","v0.13.0","v0.12.0","v0.11.1","v0.10.0","v0.9.0","v0.8.2","v0.7.1","v0.7.0","v0.6.1","v0.6.0","v0.5.0","v0.4.0","v0.3.0","v0.2.0","v0.1.2","v0.1.1","v0.1.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53782.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"}]}