Description
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Published: 2026-05-12
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an Improper Input Validation flaw, identified as CWE‑20, that allows an attacker to supply malformed data to the CAI Content Credentials component, causing the application to crash. The crash results in a denial-of-service condition, denying legitimate users access to the service. No user interaction is required to trigger the failure.

Affected Systems

Adobe CAI Content Credentials products are affected, specifically version 0.78.2, 0.7.0 and earlier. These builds, when installed, are susceptible to the input validation issue.

Risk and Exploitability

The CVSS score of 6.2 indicates a moderate severity. The EPSS score is not available, so the likelihood of exploitation is not quantified, but the flaw can be abused without user interaction, suggesting a remote or network‑based attack path. The vulnerability is not listed in the CISA KEV catalog, reducing evidence of widespread exploitation yet the risk remains significant due to the inherent denial‑of‑service effect.

Generated by OpenCVE AI on May 12, 2026 at 22:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Adobe CAI Content Credentials to a patched version (e.g., version 0.79.0 or later) following Adobe's release notes.
  • If an immediate upgrade is not feasible, configure the application to restart or reboot the process automatically when a crash occurs to mitigate DoS impact.
  • Implement rigorous input validation or sanitization before data is passed to the CAI Content Credentials component to prevent malformed payloads from triggering the fault.

Generated by OpenCVE AI on May 12, 2026 at 22:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Adobe c2pa
Adobe c2pa-web
CPEs cpe:2.3:a:adobe:c2pa-web:*:*:*:*:*:node.js:*:*
cpe:2.3:a:adobe:c2pa:*:*:*:*:*:rust:*:*
Vendors & Products Adobe c2pa
Adobe c2pa-web

Wed, 13 May 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe cai Content Credentials
Vendors & Products Adobe
Adobe cai Content Credentials

Tue, 12 May 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 12 May 2026 20:15:00 +0000

Type Values Removed Values Added
Description CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Title CAI Content Credentials | Improper Input Validation (CWE-20)
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Adobe C2pa C2pa-web Cai Content Credentials
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-05-12T20:24:29.205Z

Reserved: 2026-03-30T17:30:36.495Z

Link: CVE-2026-34670

cve-icon Vulnrichment

Updated: 2026-05-12T20:24:23.617Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-12T20:16:37.583

Modified: 2026-05-15T14:13:43.900

Link: CVE-2026-34670

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T10:36:06Z

Weaknesses