Description
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Published: 2026-05-12
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in Adobe CAI Content Credentials allows an attacker to trigger an integer overflow or wraparound, causing the application to crash. The crash leads to a denial-of-service condition, preventing legitimate users from accessing the service. The attack does not require any user interaction, meaning the vulnerability can be exercised automatically by sending crafted input to the software.

Affected Systems

Adobe CAI Content Credentials versions 0.78.2, 0.7.0 and all earlier releases are affected. Systems running these versions of the SDK are vulnerable until updated to a version that includes the fix.

Risk and Exploitability

The CVSS score is 6.2, indicating moderate severity. No EPSS data is available and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the vulnerability can be exploited without user interaction, implying that an attacker could trigger the overflow by sending a malicious input to the application, potentially from a remote source. The risk is therefore moderate but could disrupt service availability if a targeted or automated exploit is deployed.

Generated by OpenCVE AI on May 12, 2026 at 21:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Adobe CAI Content Credentials release that contains the integer overflow fix
  • Restart the application services to ensure the new binaries are loaded
  • If an update cannot be applied immediately, disable any components or features that process large integer inputs until the patch is installed

Generated by OpenCVE AI on May 12, 2026 at 21:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Adobe c2pa
Adobe c2pa-web
CPEs cpe:2.3:a:adobe:c2pa-web:*:*:*:*:*:node.js:*:*
cpe:2.3:a:adobe:c2pa:*:*:*:*:*:rust:*:*
Vendors & Products Adobe c2pa
Adobe c2pa-web

Wed, 13 May 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe cai Content Credentials
Vendors & Products Adobe
Adobe cai Content Credentials

Tue, 12 May 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 12 May 2026 20:15:00 +0000

Type Values Removed Values Added
Description CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Title CAI Content Credentials | Integer Overflow or Wraparound (CWE-190)
Weaknesses CWE-190
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Adobe C2pa C2pa-web Cai Content Credentials
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-05-12T20:23:15.529Z

Reserved: 2026-03-30T17:30:36.495Z

Link: CVE-2026-34671

cve-icon Vulnrichment

Updated: 2026-05-12T20:23:10.747Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-12T20:16:37.693

Modified: 2026-05-15T14:13:47.353

Link: CVE-2026-34671

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T10:35:53Z

Weaknesses