Description
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Published: 2026-05-12
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in Adobe CAI Content Credentials is an uncontrolled resource consumption flaw that can allow an attacker to exhaust system resources and trigger an application denial-of-service. The flaw is a classic DoS weakness, identified as CWE-400, that does not require any user interaction to be triggered.

Affected Systems

Adobe CAI Content Credentials versions 0.78.2, 0.7.0 and any earlier releases are affected. Affected deployments include all installations of the Content Authenticity SDK that reference those version strings.

Risk and Exploitability

The CVSS score of 6.2 indicates a moderate severity. Because no EPSS score is available, the likelihood of exploitation remains uncertain, but the flaw can be triggered simply by sending resource-intensive requests from the network and does not require privileged access. The vulnerability is not listed in the CISA KEV catalog, but its moderate CVSS and the lack of a defensive patch in current releases suggest that organizations should treat it with priority and avoid exposure while a fix is forthcoming.

Generated by OpenCVE AI on May 12, 2026 at 21:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Adobe CAI Content Credentials to a patched version that removes the uncontrolled resource consumption issue; if a patch is not yet released, apply the vendor’s recommended mitigation steps to disable the vulnerable feature
  • Implement application‑level rate limiting or resource quotas to prevent any single client from consuming excessive CPU or memory
  • Configure monitoring and alerting for sudden spikes in CPU or memory usage that may indicate an ongoing denial‑of‑service attempt

Generated by OpenCVE AI on May 12, 2026 at 21:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Adobe c2pa
Adobe c2pa-web
CPEs cpe:2.3:a:adobe:c2pa-web:*:*:*:*:*:node.js:*:*
cpe:2.3:a:adobe:c2pa:*:*:*:*:*:rust:*:*
Vendors & Products Adobe c2pa
Adobe c2pa-web

Wed, 13 May 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe cai Content Credentials
Vendors & Products Adobe
Adobe cai Content Credentials

Tue, 12 May 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 12 May 2026 20:15:00 +0000

Type Values Removed Values Added
Description CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Title CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)
Weaknesses CWE-400
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Adobe C2pa C2pa-web Cai Content Credentials
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-05-12T20:23:30.987Z

Reserved: 2026-03-30T17:30:36.495Z

Link: CVE-2026-34678

cve-icon Vulnrichment

Updated: 2026-05-12T20:23:26.460Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-12T20:16:38.150

Modified: 2026-05-15T14:14:03.390

Link: CVE-2026-34678

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T10:35:56Z

Weaknesses