Description
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Published: 2026-06-09
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An attacker can trigger excessive use of system resources in Adobe CAI Content Credentials without requiring user interaction, leading to an application denial‑of‑service. The vulnerability carries a CVSS score of 7.5, indicating a moderate‑to‑high impact. It originates from a failure to protect against unchecked resource usage, classified as CWE‑400. The effect is a loss of availability for users of the affected service.

Affected Systems

Adobe CAI Content Credentials, specifically the c2pa-web@0.7.1, c2pa-v0.80.1 and all earlier releases.

Risk and Exploitability

The CVSS score reflects a significant risk, and the absence of a KEV listing or an EPSS value means the exploitation likelihood is unknown but could be high given the lack of user interaction. Likely, an attacker can exploit the vulnerability remotely through the service interface, sending crafted requests that exhaust CPU, memory, or other resources. Once resources are depleted, legitimate requests cannot be processed, resulting in a denial‑of‑service for legitimate users.

Generated by OpenCVE AI on June 9, 2026 at 22:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Adobe CAI Content Credentials to a version newer than c2pa-web@0.7.1 and c2pa-v0.80.1.
  • If an upgrade is not feasible, restrict network access to the application to trusted networks and enforce strict input validation to limit request size and rate.
  • Implement system resource limits (e.g., CPU, memory quotas) and monitor application logs for abnormal spikes, taking remedial action such as throttling or restarting the service when thresholds are exceeded.

Generated by OpenCVE AI on June 9, 2026 at 22:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 00:30:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe cai Content Credentials
Vendors & Products Adobe
Adobe cai Content Credentials

Tue, 09 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Title CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)
Weaknesses CWE-400
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Adobe Cai Content Credentials
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T21:21:51.492Z

Reserved: 2026-03-30T17:30:36.498Z

Link: CVE-2026-34713

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-09T22:16:24.780

Modified: 2026-06-09T22:16:24.780

Link: CVE-2026-34713

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T00:15:16Z

Weaknesses