Description
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Published: 2026-05-12
Score: 6.2 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Adobe CAI Content Credentials has an Improper Input Validation flaw that allows an attacker to send crafted input which causes the application to crash, resulting in a denial‑of‑service. The vulnerability is classified as CWE‑20 and does not provide any other information disclosure or code execution capabilities.

Affected Systems

Adobe CAI Content Credentials versions 0.78.2, 0.7.0 and all earlier releases are affected. Systems running these or previous releases must consider upgrading to a version in which the input validation deficiency has been corrected.

Risk and Exploitability

The CVSS score of 6.2 indicates a moderate severity. Although no EPSS score is available, the issue can be exploited without any user interaction, implying that an attacker could trigger the crash remotely. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is inferred to be remote, based on the description that external input is processed and no user action is required.

Generated by OpenCVE AI on May 12, 2026 at 21:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Adobe CAI Content Credentials to a version that contains the fixed input‑validation logic.
  • If upgrading is not immediately possible, enforce strict validation or sanitization on all incoming data to prevent malformed input from reaching the vulnerable code path.
  • Deploy a watchdog or monitoring system that detects application crashes and restarts the service automatically to reduce downtime.

Generated by OpenCVE AI on May 12, 2026 at 21:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 12 May 2026 20:15:00 +0000

Type Values Removed Values Added
Description CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Title CAI Content Credentials | Improper Input Validation (CWE-20)
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-05-12T20:24:45.844Z

Reserved: 2026-03-30T17:30:36.494Z

Link: CVE-2026-34666

cve-icon Vulnrichment

Updated: 2026-05-12T20:24:40.771Z

cve-icon NVD

Status : Received

Published: 2026-05-12T20:16:37.133

Modified: 2026-05-12T20:16:37.133

Link: CVE-2026-34666

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T21:45:05Z

Weaknesses