Description
CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Published: 2026-05-12
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an Improper Input Validation flaw, identified as CWE‑20, that affects CAI Content Credentials c2pa-web 0.7.0, c2pa-v0.78.2 and earlier. An attacker can supply malformed data to trigger a crash, resulting in denial of service. No user interaction is required to trigger the failure.

Affected Systems

Adobe CAI Content Credentials products are affected, specifically version 0.78.2, 0.7.0 and earlier. These builds, when installed, are susceptible to the input validation issue.

Risk and Exploitability

The CVSS score of 6.2 indicates a moderate severity. The EPSS score indicates a probability of exploitation less than 1%, showing a low likelihood of exploitation but the flaw can still be abused without user interaction, suggesting a remote or network‑based attack path. The vulnerability is not listed in the CISA KEV catalog, reducing evidence of widespread exploitation yet the risk remains significant due to the inherent denial‑of‑service effect.

Generated by OpenCVE AI on June 9, 2026 at 23:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Adobe CAI Content Credentials to the latest patched version available from Adobe.
  • If an immediate upgrade is not feasible, configure the application to restart or reboot the process automatically when a crash occurs to mitigate DoS impact.
  • Implement rigorous input validation or sanitization before data is passed to the CAI Content Credentials component to prevent malformed payloads from triggering the fault.

Generated by OpenCVE AI on June 9, 2026 at 23:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Fri, 15 May 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Adobe c2pa
Adobe c2pa-web
CPEs cpe:2.3:a:adobe:c2pa-web:*:*:*:*:*:node.js:*:*
cpe:2.3:a:adobe:c2pa:*:*:*:*:*:rust:*:*
Vendors & Products Adobe c2pa
Adobe c2pa-web

Wed, 13 May 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe cai Content Credentials
Vendors & Products Adobe
Adobe cai Content Credentials

Tue, 12 May 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 12 May 2026 20:15:00 +0000

Type Values Removed Values Added
Description CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Title CAI Content Credentials | Improper Input Validation (CWE-20)
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Adobe C2pa C2pa-web Cai Content Credentials
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T21:38:58.674Z

Reserved: 2026-03-30T17:30:36.495Z

Link: CVE-2026-34670

cve-icon Vulnrichment

Updated: 2026-05-12T20:24:23.617Z

cve-icon NVD

Status : Modified

Published: 2026-05-12T20:16:37.583

Modified: 2026-06-17T10:39:25.130

Link: CVE-2026-34670

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T23:45:15Z

Weaknesses
  • CWE-20

    Improper Input Validation