CVE-2026-45222 Overview
CVE-2026-45222 is an insecure file permissions vulnerability in the Summarize tool affecting versions through 0.14.1. The daemon creates its configuration directory and daemon.json file using default filesystem permissions on Unix-like systems. These defaults are typically world-readable, exposing sensitive contents to any local user account. The configuration file stores the daemon bearer token and persisted provider API credentials. Local attackers can read these secrets to authenticate to the daemon or reuse provider API keys outside the host. The issue is tracked under CWE-732: Incorrect Permission Assignment for Critical Resource and was remediated in commit 0cfb0fb.
Critical Impact
Local users on shared Unix-like hosts can read ~/.summarize/daemon.json, harvest the daemon bearer token, and recover stored provider API credentials.
Affected Products
- Summarize versions up to and including 0.14.1
- Deployments on Unix-like systems where ~/.summarize/ inherits a permissive umask
- Multi-user hosts where additional local accounts can traverse the user home directory
Discovery Timeline
- 2026-05-11 - CVE-2026-45222 published to NVD
- 2026-05-13 - Last updated in NVD database
Technical Details for CVE-2026-45222
Vulnerability Analysis
The Summarize daemon persists its runtime configuration to ~/.summarize/daemon.json. This file holds the daemon bearer token used by clients to authenticate to the local daemon, as well as cached credentials for upstream AI providers. On Unix-like systems, fs.mkdir and the subsequent file write rely on the process umask to determine final permissions. With a common default umask of 0022, the directory becomes 0755 and the file 0644, both readable by any local account. Any process running under a different user can therefore open the file and exfiltrate secrets without elevated privileges.
Root Cause
The root cause is a missing explicit mode argument when creating the configuration directory and a missing chmod step when writing the configuration file. The application trusts the inherited umask to provide confidentiality, which is inappropriate for files that store long-lived bearer tokens and third-party API keys. This pattern maps directly to CWE-732.
Attack Vector
Exploitation requires only local, low-privileged access to the host where Summarize is configured. An attacker reads ~/.summarize/daemon.json, extracts the bearer token, and sends authenticated requests to the daemon's local interface. The same file yields provider API keys that can be used from any host to consume billable services or access historical data tied to those credentials.
// Security patch in src/daemon/config.ts - fix: keep daemon config private
}): Promise<string> {
const configPath = resolveDaemonConfigPath(env);
const dir = path.dirname(configPath);
- await fs.mkdir(dir, { recursive: true });
+ await fs.mkdir(dir, { recursive: true, mode: 0o700 });
+ await fs.chmod(dir, 0o700).catch(() => {
+ // Best effort: Windows and some filesystems do not support POSIX modes.
+ });
+ await fs.chmod(configPath, 0o600).catch(() => {
+ // Tighten existing files before rewriting secrets; ignore first install.
+ });
const primaryToken = normalizeDaemonToken(config.token);
const tokens = normalizeDaemonTokens(
Array.isArray(config.tokens) ? [primaryToken, ...config.tokens] : [primaryToken],
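Review bot: the `fs.chmod(configPath, 0o600)` runs before the configuration is written, so on a first install the file does not exist yet, the rejection is swallowed by the `.catch`, and the file created by the later write will carry the umask default (0644 under 0022) unless that write passes `mode: 0o600` or is followed by its own chmod; the write itself is outside this hunk, so please confirm one of those holds or move the chmod after the write. The two `.catch(() => {})` handlers also discard every error rather than only the unsupported-mode cases the comments describe; checking `e.code` for ENOENT/ENOTSUP/EPERM, or at least logging the failure, would keep a real permission problem visible instead of silently leaving the secrets file readable.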
Source: GitHub Commit 0cfb0fb. The patch enforces 0o700 on the directory and 0o600 on daemon.json, restricting access to the owning user.
Detection Methods for CVE-2026-45222
Indicators of Compromise
- Permissions on ~/.summarize/daemon.json other than 0600, or on ~/.summarize/ other than 0700, on Unix-like hosts running Summarize <= 0.14.1.
- Read access to daemon.json by a user identifier that does not match the file owner in audit logs (auditd, fapolicyd, eBPF file telemetry).
- Unexpected authenticated requests to the Summarize daemon's local endpoint from processes not associated with the legitimate user.
- Provider-side API usage from IP addresses or workloads that have never previously called the affected API keys.
Detection Strategies
- Hunt for file access events targeting */.summarize/daemon.json where the accessing UID differs from the file owner.
- Inventory hosts running Summarize and verify the installed version is later than 0.14.1 or that the configuration directory has mode 0700.
- Correlate provider API key usage telemetry with expected source hosts to surface stolen-key reuse.
Monitoring Recommendations
- Enable file integrity monitoring on ~/.summarize/ for all user accounts where the daemon is installed.
- Alert on chmod, cp, or cat operations against daemon.json executed by non-owning users.
- Rotate bearer tokens and provider API keys on any host where permissive permissions were observed, and watch for anomalous use afterward.
How to Mitigate CVE-2026-45222
Immediate Actions Required
- Upgrade Summarize to a version that includes commit 0cfb0fb (post 0.14.1).
- Manually tighten existing installations with chmod 700 ~/.summarize and chmod 600 ~/.summarize/daemon.json.
- Rotate the daemon bearer token and all provider API keys previously stored in daemon.json.
- Audit historical file access on multi-user hosts to determine whether secrets were read before remediation.
Patch Information
The fix is delivered in commit 0cfb0fb and merged via GitHub Pull Request #214. The patch creates the configuration directory with mode 0o700 and forces daemon.json to mode 0o600 using fs.chmod, with best-effort handling for filesystems that do not support POSIX modes. Additional context is available in the VulnCheck Security Advisory.
Workarounds
- Set a restrictive umask such as 0077 for the user account that runs the Summarize daemon before initial configuration.
- Relocate ~/.summarize/ to a directory whose parent already enforces 0700 and explicitly chmod both the directory and file after any configuration change.
- Avoid storing long-lived provider API keys in daemon.json; inject them via environment variables sourced from a secrets manager at daemon start.
# Configuration example: enforce restrictive permissions on existing installs
# umask only affects files created afterwards in this shell; set it before the
# daemon first writes its config (it does not change files already on disk)
umask 0077
# Tighten what already exists: owner-only directory and owner-only secrets file
chmod 700 "$HOME/.summarize"
chmod 600 "$HOME/.summarize/daemon.json"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.