Description
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Published: 2026-06-09
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an Improper Input Validation flaw in Adobe CAI Content Credentials. A malicious input can cause the application to crash, resulting in a denial‑of‑service condition. The flaw does not require any user interaction, meaning that an attacker can trigger it remotely through crafted data sent to the application.

Affected Systems

Adobe CAI Content Credentials is affected, specifically versions c2pa-web@0.7.1, c2pa-v0.80.1 and all earlier releases. Users running these versions with external input processing should consider them at risk.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity level. With no EPSS score available and the vulnerability not listed in the KEV catalog, the exploitation probability is uncertain but the potential impact is clear. The attack vector is inferred to be remote, where an attacker sends malicious data to the content verification component without user involvement, triggering a crash.

Generated by OpenCVE AI on June 9, 2026 at 22:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Adobe CAI Content Credentials to the latest release that fixes the input validation issue
  • Limit or sandbox external data that is passed to the credential verification module to reduce the chance of malformed input being processed
  • Monitor application logs and system metrics for unexpected crashes or resource exhaustion that could indicate exploitation attempts

Generated by OpenCVE AI on June 9, 2026 at 22:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe cai Content Credentials
Vendors & Products Adobe
Adobe cai Content Credentials

Tue, 09 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Title CAI Content Credentials | Improper Input Validation (CWE-20)
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Adobe Cai Content Credentials
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T21:21:56.597Z

Reserved: 2026-03-30T17:30:36.498Z

Link: CVE-2026-34712

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-09T22:16:24.633

Modified: 2026-06-09T22:16:24.633

Link: CVE-2026-34712

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T00:00:10Z

Weaknesses