Description
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Published: 2026-05-12
Score: 6.2 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an uncontrolled resource consumption flaw that lets an attacker trigger a denial‑of‑service condition without any user interaction. By sending crafted requests, an attacker can exhaust system resources such as memory or processing power, leading to application instability or failure.

Affected Systems

Adobe CAI Content Credentials versions 0.78.2, 0.7.0 and all earlier releases are affected.

Risk and Exploitability

The CVSS score of 6.2 indicates moderate severity, and since the EPSS score is not available, exploitation likelihood cannot be quantified. The flaw is not listed in the CISA KEV catalog. An attacker can exploit the vulnerability remotely by repeatedly invoking the vulnerable endpoint, consuming system resources, and crashing the application.

Generated by OpenCVE AI on May 12, 2026 at 21:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Adobe CAI Content Credentials to the latest available version that contains the fix.
  • Configure network or application‑level rate limiting to reduce the impact of repeated requests to the Content Credentials service.
  • Monitor system resource utilization for abnormal spikes and apply resource throttling policies if possible.

Generated by OpenCVE AI on May 12, 2026 at 21:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 12 May 2026 20:15:00 +0000

Type Values Removed Values Added
Description CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Title CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)
Weaknesses CWE-400
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-05-12T20:24:53.200Z

Reserved: 2026-03-30T17:30:36.495Z

Link: CVE-2026-34677

cve-icon Vulnrichment

Updated: 2026-05-12T20:24:48.682Z

cve-icon NVD

Status : Received

Published: 2026-05-12T20:16:38.033

Modified: 2026-05-12T20:16:38.033

Link: CVE-2026-34677

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T21:45:05Z

Weaknesses