Description
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Published: 2026-06-09
Score: 6.2 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier suffer from an uncontrolled resource consumption flaw that can be triggered by an attacker to exhaust system resources, bringing the application to a denial‑of‑service state. The weakness is identified as CWE‑400 and does not require user interaction.

Affected Systems

Adobe CAI Content Credentials, specifically the c2pa-web@0.7.1, c2pa-v0.80.1 and any earlier releases of the product.

Risk and Exploitability

The CVSS score of 6.2 indicates a medium severity vulnerability. Because the exploit does not need user interaction and can be initiated remotely, the risk profile is higher if the affected application is exposed to the internet. No EPSS data is available, and the vulnerability is not listed in the CISA KEV catalog, suggesting no confirmed widespread exploitation yet; however the nature of the flaw makes the threat realistic for systems that have not implemented defensive controls.

Generated by OpenCVE AI on June 9, 2026 at 22:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Adobe CAI Content Credentials to the latest release that contains the fix for the resource exhaustion issue.
  • Implement application‑level rate limiting or concurrency controls to restrict the number of simultaneous requests and to guard against over‑utilization of system resources.
  • Configure system monitoring to detect abnormal spikes in CPU or memory usage and to alert administrators before a full denial of service occurs.

Generated by OpenCVE AI on June 9, 2026 at 22:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 00:30:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe cai Content Credentials
Vendors & Products Adobe
Adobe cai Content Credentials

Tue, 09 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Title CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)
Weaknesses CWE-400
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Adobe Cai Content Credentials
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T21:21:54.062Z

Reserved: 2026-05-20T15:50:31.358Z

Link: CVE-2026-47902

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-09T22:16:25.177

Modified: 2026-06-09T22:16:25.177

Link: CVE-2026-47902

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T00:15:16Z

Weaknesses