Description
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Published: 2026-05-12
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Adobe CAI Content Credentials versions 0.78.2 0.7.0 and earlier are vulnerable to Improper Input Validation, which can be used by an attacker to crash the application, resulting in a denial-of-service condition. The flaw is a classic input validation error (CWE-20) and does not compromise confidentiality or integrity, but it disrupts availability for legitimate users.

Affected Systems

The affected product is Adobe CAI Content Credentials. Versions up to and including 0.78.2, 0.7.0 and earlier are impacted; any installation running one of those releases is at risk.

Risk and Exploitability

The CVSS score of 6.2 indicates moderate severity. The exploit does not require user interaction, and the EPSS score is not provided, but the vulnerability can be triggered remotely by sending malformed input to the component. The vulnerability is not listed in the CISA KEV catalog, suggesting no publicly known exploits at the time of this advisory. However, the lack of user interaction requirements makes it a realistic target for automated attacks, so applying the fix is recommended.

Generated by OpenCVE AI on May 12, 2026 at 21:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Adobe CAI Content Credentials to the latest patched release available from Adobe’s security advisory page.
  • If an immediate upgrade is not possible, isolate the affected component from untrusted networks and restrict its exposure to external input.
  • Monitor application logs and system metrics for unexpected crashes or denial-of-service symptoms, and respond to any incidents promptly.

Generated by OpenCVE AI on May 12, 2026 at 21:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Adobe c2pa
Adobe c2pa-web
CPEs cpe:2.3:a:adobe:c2pa-web:*:*:*:*:*:node.js:*:*
cpe:2.3:a:adobe:c2pa:*:*:*:*:*:rust:*:*
Vendors & Products Adobe c2pa
Adobe c2pa-web

Wed, 13 May 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe cai Content Credentials
Vendors & Products Adobe
Adobe cai Content Credentials

Tue, 12 May 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 12 May 2026 20:15:00 +0000

Type Values Removed Values Added
Description CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Title CAI Content Credentials | Improper Input Validation (CWE-20)
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Adobe C2pa C2pa-web Cai Content Credentials
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-05-12T20:23:55.536Z

Reserved: 2026-03-30T17:30:36.494Z

Link: CVE-2026-34668

cve-icon Vulnrichment

Updated: 2026-05-12T20:23:50.041Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-12T20:16:37.360

Modified: 2026-05-15T14:13:28.880

Link: CVE-2026-34668

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T10:36:00Z

Weaknesses