Description
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Published: 2026-05-12
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An integer overflow or wraparound flaw discovered in CAI Content Credentials versions 0.78.2, 0.7.0 and earlier can cause the application to crash, leading to a denial‑of‑service. The flaw arises when unvalidated numeric values cause an overflow. Exploiting the flaw does not require user interaction, so any external input that reaches the vulnerable code could trigger it.

Affected Systems

Adobe CAI Content Credentials releases 0.78.2, 0.7.0 and all earlier builds. Any environment running these affected versions is vulnerable; later releases are not mentioned as affected.

Risk and Exploitability

The CVSS score of 6.2 indicates moderate severity. Because the flaw can be triggered without user interaction, an attacker could potentially disrupt services by sending crafted requests. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, suggesting that active exploitation may be limited but still poses a risk of service disruption.

Generated by OpenCVE AI on May 12, 2026 at 22:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade CAI Content Credentials to a version that addresses the integer overflow flaw.
  • Limit network exposure of the CAI Content Credentials service to trusted hosts only.
  • Monitor the service for repeated crash events and configure alerts for abnormal denial‑of‑service patterns.

Generated by OpenCVE AI on May 12, 2026 at 22:18 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Adobe c2pa
Adobe c2pa-web
CPEs cpe:2.3:a:adobe:c2pa-web:*:*:*:*:*:node.js:*:*
cpe:2.3:a:adobe:c2pa:*:*:*:*:*:rust:*:*
Vendors & Products Adobe c2pa
Adobe c2pa-web

Wed, 13 May 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe cai Content Credentials
Vendors & Products Adobe
Adobe cai Content Credentials

Tue, 12 May 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 12 May 2026 20:15:00 +0000

Type Values Removed Values Added
Description CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Title CAI Content Credentials | Integer Overflow or Wraparound (CWE-190)
Weaknesses CWE-190
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Adobe C2pa C2pa-web Cai Content Credentials
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-05-12T20:23:46.533Z

Reserved: 2026-03-30T17:30:36.496Z

Link: CVE-2026-34680

cve-icon Vulnrichment

Updated: 2026-05-12T20:23:41.389Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-12T20:16:38.370

Modified: 2026-05-15T14:14:10.617

Link: CVE-2026-34680

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T10:35:59Z

Weaknesses