Description
CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Published: 2026-05-12
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Adobe CAI Content Credentials has an Improper Input Validation flaw that could allow an attacker to send crafted input that crashes the application, resulting in a denial-of-service. The vulnerability is classified as CWE-20 and provides no information disclosure or code execution capability. It can be exploited without user interaction.

Affected Systems

Adobe CAI Content Credentials versions 0.78.2, 0.7.0 and all earlier releases are affected. Systems running these or previous releases must consider upgrading to a version in which the input validation deficiency has been corrected.

Risk and Exploitability

The CVSS score of 6.2 indicates a moderate severity. The EPSS score is less than 1%, indicating a low probability of exploitation, although the vulnerability can be exploited without user interaction, suggesting an attacker could trigger the crash remotely. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is inferred to be remote, based on the description that external input is processed and no user action is required.

Generated by OpenCVE AI on June 9, 2026 at 23:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Adobe CAI Content Credentials to a version that contains the fixed input‑validation logic.
  • If upgrading is not immediately possible, enforce strict validation or sanitization on all incoming data to prevent malformed input from reaching the vulnerable code path.
  • Deploy a watchdog or monitoring system that detects application crashes and restarts the service automatically to reduce downtime.

Generated by OpenCVE AI on June 9, 2026 at 23:00 UTC.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 21:45:00 +0000

Type: Description
Values Removed: CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Values Added: CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Fri, 15 May 2026 14:15:00 +0000

Type: First Time appeared
Values Added: Adobe c2pa; Adobe c2pa-web

Type: CPEs
Values Added:
cpe:2.3:a:adobe:c2pa-web:*:*:*:*:*:node.js:*:*
cpe:2.3:a:adobe:c2pa:*:*:*:*:*:rust:*:*

Type: Vendors & Products
Values Added: Adobe c2pa; Adobe c2pa-web

Wed, 13 May 2026 11:00:00 +0000

Type: First Time appeared
Values Added: Adobe; Adobe cai Content Credentials

Type: Vendors & Products
Values Added: Adobe; Adobe cai Content Credentials

Tue, 12 May 2026 21:15:00 +0000

Type: Metrics
Values Added: ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 12 May 2026 20:15:00 +0000

Type: Description
Values Added: CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Type: Title
Values Added: CAI Content Credentials | Improper Input Validation (CWE-20)

Type: Weaknesses
Values Added: CWE-20

Type: References

Type: Metrics
Values Added: cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T21:39:37.337Z

Reserved: 2026-03-30T17:30:36.494Z

Link: CVE-2026-34666

Vulnrichment

Updated: 2026-05-12T20:24:40.771Z

NVD

Status: Modified

Published: 2026-05-12T20:16:37.133

Modified: 2026-06-09T22:16:23.037

Link: CVE-2026-34666

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T23:15:16Z
