Description
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Published: 2026-06-09
Score: 6.2 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

CAI Content Credentials versions c2pa-web 0.7.1, c2pa-v0.80.1, and earlier contain an uncontrolled resource consumption flaw (CWE‑400). An attacker can trigger excessive use of system resources, which can lead to application denial‑of‑service. The vulnerability does not require user interaction to be executed.

Affected Systems

The affected system is Adobe’s CAI Content Credentials component, specifically versions c2pa-web 0.7.1, c2pa-v0.80.1, and all earlier releases.

Risk and Exploitability

The CVSS score of 6.2 reflects medium severity. EPSS is unavailable and the vulnerability is not listed in CISA’s KEV catalog. Because the flaw does not require user interaction, the likely attack vector is remote or automated, as inferred from the description. An attacker could exhaust host resources, leading to application denial‑of‑service, and may repeatedly trigger the issue until a patch is deployed.

Generated by OpenCVE AI on June 9, 2026 at 22:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Patch the affected CAI Content Credentials to a version newer than c2pa-web 0.7.1 and c2pa-v0.80.1 following Adobe’s security advisory.
  • Configure server resource limits (CPU, memory, connections) to mitigate resource exhaustion until the patch is deployed.
  • Disable or restrict access to the exposed endpoints or functionality until the update is installed.

Generated by OpenCVE AI on June 9, 2026 at 22:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 01:00:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe cai Content Credentials
Vendors & Products Adobe
Adobe cai Content Credentials

Tue, 09 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Title CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)
Weaknesses CWE-400
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Adobe Cai Content Credentials
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T21:21:55.688Z

Reserved: 2026-05-20T15:50:31.359Z

Link: CVE-2026-47904

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-09T22:16:25.403

Modified: 2026-06-09T22:16:25.403

Link: CVE-2026-47904

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T00:45:17Z

Weaknesses