Description
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Published: 2026-05-12
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The CAI Content Credentials versions 0.78.2, 0.7.0, and earlier contain an uncontrolled resource consumption flaw. The flaw allows an attacker to send input that forces the application to allocate large amounts of memory or CPU, eventually exhausting system resources and causing a denial‑of‑service. No user interaction is required; an attacker can trigger the issue remotely.

Affected Systems

The affected software is Adobe CAI Content Credentials. Attackers can target installations using version 0.78.2, 0.7.0, or any earlier release. No other vendors are listed.

Risk and Exploitability

The CVSS base score of 6.2 denotes moderate severity, and the issue is not listed in the KEV catalogue. Because the vulnerability can be activated remotely without user interaction, it carries a realistic risk of exploitation. With EPSS data unavailable, the exact probability cannot be specified, but the potential for service disruption exists. Implementing rate limits and upgrading the software mitigates this risk.

Generated by OpenCVE AI on May 12, 2026 at 21:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Adobe CAI Content Credentials to a version that fixes the uncontrolled resource consumption issue, or install the vendor‑issued patch if available.
  • Configure the application to enforce strict limits on resource usage for any inbound request, such as maximum memory allocation or request size.
  • Deploy network‑level throttling or rate limiting to restrict the rate of requests that can reach the CAI Content Credentials component.
  • If an upgrade is not immediately possible, isolate the service from other critical components to reduce the impact of a potential denial‑of‑service attack.

Generated by OpenCVE AI on May 12, 2026 at 21:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Adobe c2pa
Adobe c2pa-web
CPEs cpe:2.3:a:adobe:c2pa-web:*:*:*:*:*:node.js:*:*
cpe:2.3:a:adobe:c2pa:*:*:*:*:*:rust:*:*
Vendors & Products Adobe c2pa
Adobe c2pa-web

Wed, 13 May 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe cai Content Credentials
Vendors & Products Adobe
Adobe cai Content Credentials

Tue, 12 May 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 12 May 2026 20:15:00 +0000

Type Values Removed Values Added
Description CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Title CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)
Weaknesses CWE-400
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Adobe C2pa C2pa-web Cai Content Credentials
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-05-12T20:24:04.717Z

Reserved: 2026-03-30T17:30:36.495Z

Link: CVE-2026-34673

cve-icon Vulnrichment

Updated: 2026-05-12T20:23:58.856Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-12T20:16:37.920

Modified: 2026-05-15T14:13:55.270

Link: CVE-2026-34673

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T10:36:01Z

Weaknesses