Description
CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Published: 2026-05-12
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper input validation flaw affecting CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and all earlier releases. A crafted input can cause the application to crash, leading to a denial‑of‑service condition. The flaw is identified as CWE‑20. Because the application stops responding after the crash, confidentiality and integrity are not directly compromised, but the availability of services relying on the application is disrupted. Exploitation does not require user interaction.

Affected Systems

Adobe CAI Content Credentials, versions 0.78.2, 0.7.0 and all earlier releases are impacted. No other vendors or product variants are listed as affected.

Risk and Exploitability

The CVSS score of 6.2 indicates medium overall severity. The EPSS score is < 1%, indicating a very low but nonzero exploitation probability, and the vulnerability is not listed in the CISA KEV catalog. Exploitation does not require user interaction. The likely attack vector is remote, where an attacker sends a specially crafted request to the vulnerable component; this inference comes from the description of an input validation flaw that can crash the application.

Generated by OpenCVE AI on June 9, 2026 at 22:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the Adobe security update that addresses the improper input validation in CAI Content Credentials 0.78.2 and earlier.
  • If an immediate update cannot be applied, block or restrict external access to the vulnerable interface so that only trusted clients can reach the affected component.
  • After applying the update or the configuration restriction, restart the application to clear any crash state and monitor logs for subsequent denial‑of‑service events.

Generated by OpenCVE AI on June 9, 2026 at 22:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Fri, 15 May 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Adobe c2pa
Adobe c2pa-web
CPEs cpe:2.3:a:adobe:c2pa-web:*:*:*:*:*:node.js:*:*
cpe:2.3:a:adobe:c2pa:*:*:*:*:*:rust:*:*
Vendors & Products Adobe c2pa
Adobe c2pa-web

Wed, 13 May 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe cai Content Credentials
Vendors & Products Adobe
Adobe cai Content Credentials

Tue, 12 May 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 12 May 2026 20:15:00 +0000

Type Values Removed Values Added
Description CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Title CAI Content Credentials | Improper Input Validation (CWE-20)
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Adobe C2pa C2pa-web Cai Content Credentials
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T21:37:23.760Z

Reserved: 2026-03-30T17:30:36.496Z

Link: CVE-2026-34688

cve-icon Vulnrichment

Updated: 2026-05-12T20:23:34.061Z

cve-icon NVD

Status : Modified

Published: 2026-05-12T20:16:38.707

Modified: 2026-06-17T10:39:26.940

Link: CVE-2026-34688

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T23:00:15Z

Weaknesses
  • CWE-20

    Improper Input Validation