Description
CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Published: 2026-05-12
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an Improper Input Validation flaw, classified as CWE‑20, in Adobe CAI Content Credentials that affects versions c2pa-web@0.7.0, c2pa-v0.78.2, and all earlier releases. By supplying malformed input, an attacker can trigger a crash in the application, resulting in a denial‑of‑service for any service using the credentials component. The description provides no evidence of code execution, data disclosure, or privilege escalation, so the primary impact remains the loss of availability.

Affected Systems

Adobe CAI Content Credentials versions 0.78.2, 0.7.0, and all earlier releases are affected. Any system or application that incorporates these versions of the credentials component is vulnerable.

Risk and Exploitability

The CVSS score of 6.2 indicates moderate severity. The EPSS score is <1% and the flaw is not listed in CISA’s KEV catalog, so the likelihood of exploitation remains low but uncertain; the description states that no user interaction is required. Based on the description, it is inferred that an attacker could trigger the crash remotely, potentially using crafted network input or a web request, although the CVSS vector recorded for this CVE specifies a local attack vector (AV:L). Until a patch is applied, the risk is moderate but could become severe if the flaw is actively abused.

Generated by OpenCVE AI on June 9, 2026 at 23:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Adobe CAI Content Credentials to a later version that removes the Improper Input Validation flaw.
  • Restart the credentials service after updating to clear any retained crashed state.
  • Implement process monitoring so an automated restart occurs if the service unexpectedly exits, thereby reducing downtime while a patch is deployed.


Advisories

No advisories yet.

History

Tue, 09 Jun 2026 21:45:00 +0000

Type: Description
Values Removed: CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Values Added: CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Fri, 15 May 2026 14:15:00 +0000

Type: First Time appeared
Values Added:
  Adobe c2pa
  Adobe c2pa-web

Type: CPEs
Values Added:
  cpe:2.3:a:adobe:c2pa-web:*:*:*:*:*:node.js:*:*
  cpe:2.3:a:adobe:c2pa:*:*:*:*:*:rust:*:*

Type: Vendors & Products
Values Added:
  Adobe c2pa
  Adobe c2pa-web

Wed, 13 May 2026 11:00:00 +0000

Type: First Time appeared
Values Added:
  Adobe
  Adobe cai Content Credentials

Type: Vendors & Products
Values Added:
  Adobe
  Adobe cai Content Credentials

Tue, 12 May 2026 21:15:00 +0000

Type: Metrics
Values Added: ssvc
{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 12 May 2026 20:15:00 +0000

Type: Description
Values Added: CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Type: Title
Values Added: CAI Content Credentials | Improper Input Validation (CWE-20)

Type: Weaknesses
Values Added: CWE-20

Type: References

Type: Metrics
Values Added: cvssV3_1
{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T21:37:52.152Z

Reserved: 2026-03-30T17:30:36.496Z

Link: CVE-2026-34679

Vulnrichment

Updated: 2026-05-12T20:24:32.333Z

NVD

Status: Modified

Published: 2026-05-12T20:16:38.257

Modified: 2026-06-09T22:16:24.150

Link: CVE-2026-34679

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T00:00:12Z

Weaknesses