Description
CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Published: 2026-05-12
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper input validation flaw in Adobe CAI Content Credentials c2pa-web@0.7.0, c2pa-v0.78.2 and earlier. An attacker can supply crafted input that causes the application to crash, resulting in a denial-of-service. Exploitation does not require user interaction. The flaw disrupts availability.

Affected Systems

Affected product is Adobe CAI Content Credentials, a component of Adobe’s Content Authenticity SDK. Versions 0.78.2, 0.7.0, and all earlier releases are vulnerable. Organizations that deploy the SDK should verify the version in use and evaluate any risk of downtime.

Risk and Exploitability

The CVSS score is 6.2, placing it in the medium severity range. The EPSS score is <1%, indicating a very low likelihood of exploitation. The vulnerability is not listed in CISA KEV, which indicates no known widespread exploitation. Attackers could trigger the denial-of-service by sending specially crafted requests at any time, so the risk is highest for services that expose the vulnerable component to the network.

Generated by OpenCVE AI on June 9, 2026 at 23:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Adobe CAI Content Credentials to the latest version that includes the fix.
  • If an upgrade is not possible immediately, restrict or sanitize input paths that could trigger the crash, such as filtering or blocking large or malformed payloads.
  • Configure the application or infrastructure to automatically restart the service upon a crash and monitor logs for subsequent failures.

Generated by OpenCVE AI on June 9, 2026 at 23:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Fri, 15 May 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Adobe c2pa
Adobe c2pa-web
CPEs cpe:2.3:a:adobe:c2pa-web:*:*:*:*:*:node.js:*:*
cpe:2.3:a:adobe:c2pa:*:*:*:*:*:rust:*:*
Vendors & Products Adobe c2pa
Adobe c2pa-web

Wed, 13 May 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe cai Content Credentials
Vendors & Products Adobe
Adobe cai Content Credentials

Tue, 12 May 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 12 May 2026 20:15:00 +0000

Type Values Removed Values Added
Description CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Title CAI Content Credentials | Improper Input Validation (CWE-20)
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Adobe C2pa C2pa-web Cai Content Credentials
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T21:39:05.738Z

Reserved: 2026-03-30T17:30:36.495Z

Link: CVE-2026-34669

cve-icon Vulnrichment

Updated: 2026-05-12T20:23:18.807Z

cve-icon NVD

Status : Modified

Published: 2026-05-12T20:16:37.473

Modified: 2026-06-17T10:39:25.030

Link: CVE-2026-34669

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T23:30:05Z

Weaknesses
  • CWE-20

    Improper Input Validation