Description
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Published: 2026-06-09
Score: 6.2 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An improper input validation flaw exists in Adobe CAI Content Credentials library versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier. An attacker can supply specially crafted data that causes the application to crash, resulting in a denial‑of‑service. The vulnerability does not require any user interaction to be triggered.

Affected Systems

The affected product is Adobe CAI Content Credentials, part of the Content Authenticity SDK. Versions c2pa-web 0.7.1 and earlier, and c2pa-v0.80.1 and earlier are impacted.

Risk and Exploitability

The CVSS score of 6.2 indicates moderate severity. EPSS information is unavailable, but the lack of user interaction and the ability to crash the application make exploitation straightforward for an attacker. The vulnerability is not listed in CISA’s KEV catalog. An attacker can initiate the exploit remotely by sending malformed input, leading to service interruption on the affected system.

Generated by OpenCVE AI on June 9, 2026 at 22:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a patched release of CAI Content Credentials that removes the input validation flaw.
  • Implement additional input validation to reject malformed payloads before they are passed to the library.
  • Configure the application to isolate the library (e.g., use a sandbox or separate process) and to automatically restart or recover if a crash occurs.

Generated by OpenCVE AI on June 9, 2026 at 22:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 00:30:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe cai Content Credentials
Vendors & Products Adobe
Adobe cai Content Credentials

Tue, 09 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Title CAI Content Credentials | Improper Input Validation (CWE-20)
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Adobe Cai Content Credentials
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T21:21:54.849Z

Reserved: 2026-05-20T15:50:31.359Z

Link: CVE-2026-47903

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-09T22:16:25.290

Modified: 2026-06-09T22:16:25.290

Link: CVE-2026-47903

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T00:15:16Z

Weaknesses