Description
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Published: 2026-06-09
Score: 6.2 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier expose an uncontrolled resource consumption flaw that allows an attacker to drain system memory and CPU, leading to a denial‑of‑service condition. The weakness is classified as CWE‑400, reflecting excessive and uncontrolled resource usage. Attacks require no user interaction; a remote actor can trigger the denial simply by sending crafted requests.

Affected Systems

Adobe CAI Content Credentials is the affected product. Versions c2pa-web@0.7.1, c2pa-v0.80.1 and any older releases are vulnerable. End‑points running these versions, when exposed to potential attackers, are at risk of experiencing service disruption.

Risk and Exploitability

The CVSS score of 6.2 places the issue in the medium severity range. While the EPSS score is not available, the lack of user interaction and the straightforward resource exhaustion nature suggest that automated exploitation could be feasible. The vulnerability is not currently listed in the CISA KEV catalog, but organizations should still treat it as a potential threat, especially if the affected components are exposed to untrusted inputs.

Generated by OpenCVE AI on June 9, 2026 at 23:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade CAI Content Credentials to a version newer than c2pa-web@0.7.1 and c2pa-v0.80.1.
  • Implement application‑level resource limits or quotas to prevent individual requests from exhausting memory or CPU.
  • Configure network‑level rate limiting or firewall rules to block excessive or malformed traffic targeting the vulnerable components.

Generated by OpenCVE AI on June 9, 2026 at 23:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe cai Content Credentials
Vendors & Products Adobe
Adobe cai Content Credentials

Tue, 09 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Title CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)
Weaknesses CWE-400
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Adobe Cai Content Credentials
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T21:21:53.212Z

Reserved: 2026-05-20T15:50:31.359Z

Link: CVE-2026-47905

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-09T22:16:25.517

Modified: 2026-06-09T22:16:25.517

Link: CVE-2026-47905

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T02:30:05Z

Weaknesses