Description
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Published: 2026-06-09
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An attacker can trigger excessive use of system resources in Adobe CAI Content Credentials without requiring user interaction, leading to an application denial-of-service. The vulnerability carries a CVSS score of 7.5, which is rated High. It originates from a failure to limit resource usage, classified as CWE-400. The effect is a loss of availability for users of the affected service.

Affected Systems

Adobe CAI Content Credentials: c2pa-web@0.7.1, c2pa-v0.80.1 and all earlier releases.

Risk and Exploitability

The CVSS score reflects a significant risk, and the absence of a KEV listing or an EPSS value means the exploitation likelihood is unknown but could be high given the lack of user interaction. An attacker can likely exploit the vulnerability remotely through the service interface by sending crafted requests that exhaust CPU, memory, or other resources. Once resources are depleted, legitimate requests cannot be processed, resulting in a denial-of-service for users of the service.

Generated by OpenCVE AI on June 9, 2026 at 22:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Adobe CAI Content Credentials to a version newer than c2pa-web@0.7.1 and c2pa-v0.80.1.
  • If an upgrade is not feasible, restrict network access to the application to trusted networks and enforce strict input validation to limit request size and rate.
  • Implement system resource limits (e.g., CPU, memory quotas) and monitor application logs for abnormal spikes, taking remedial action such as throttling or restarting the service when thresholds are exceeded.

Advisories

No advisories yet.

History

Mon, 15 Jun 2026 17:45:00 +0000

| Type | Values Removed | Values Added |
| First Time appeared | | Adobe c2pa, Adobe c2pa-web |
| CPEs | | cpe:2.3:a:adobe:c2pa-web:*:*:*:*:*:node.js:*:*, cpe:2.3:a:adobe:c2pa:*:*:*:*:*:rust:*:* |
| Vendors & Products | | Adobe c2pa, Adobe c2pa-web |

Wed, 10 Jun 2026 14:30:00 +0000

| Type | Values Removed | Values Added |
| Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |

Wed, 10 Jun 2026 00:30:00 +0000

| Type | Values Removed | Values Added |
| First Time appeared | | Adobe, Adobe cai Content Credentials |
| Vendors & Products | | Adobe, Adobe cai Content Credentials |

Tue, 09 Jun 2026 21:45:00 +0000

| Type | Values Removed | Values Added |
| Description | | CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction. |
| Title | | CAI Content Credentials \| Uncontrolled Resource Consumption (CWE-400) |
| Weaknesses | | CWE-400 |
| References | | |
| Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'} |

MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-10T14:01:28.301Z

Reserved: 2026-03-30T17:30:36.498Z

Link: CVE-2026-34713

Vulnrichment

Updated: 2026-06-10T14:01:14.620Z

NVD

Status: Analyzed

Published: 2026-06-09T22:16:24.780

Modified: 2026-06-15T17:42:37.807

Link: CVE-2026-34713

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T00:15:16Z

Weaknesses
  • CWE-400: Uncontrolled Resource Consumption