Description
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Published: 2026-06-09
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an integer overflow or wraparound in Adobe CAI Content Credentials that can trigger an application crash, resulting in a denial‑of‑service condition. The attack does not require user interaction and can be launched solely by sending crafted data to the vulnerable component.

Affected Systems

Adobe CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected. All deployments of these or older releases should be considered at risk.

Risk and Exploitability

The CVSS score of 7.5 reflects a moderate‑to‑high severity of the denial‑of‑service impact. The EPSS score is not available, indicating that exploitation probability is presently uncertain, but the vulnerability is not listed in the CISA KEV catalog. An attacker can exploit the issue remotely by supplying malformed input to the content credentials service, causing an integer overflow and immediate crash without needing any user action.

Generated by OpenCVE AI on June 9, 2026 at 23:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade CAI Content Credentials to the latest release that contains the integer overflow fix.
  • Restart the content credentials services to load the updated binaries.
  • Enforce input size limits or bounds checks on data processed by the service to mitigate the risk of unintended integer overflows.

Generated by OpenCVE AI on June 9, 2026 at 23:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe cai Content Credentials
Vendors & Products Adobe
Adobe cai Content Credentials

Tue, 09 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Title CAI Content Credentials | Integer Overflow or Wraparound (CWE-190)
Weaknesses CWE-190
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Adobe Cai Content Credentials
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T21:21:57.417Z

Reserved: 2026-03-30T17:30:36.498Z

Link: CVE-2026-34711

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-09T22:16:24.520

Modified: 2026-06-09T22:16:24.520

Link: CVE-2026-34711

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T00:00:10Z

Weaknesses