Search

Find a vulnerability

Search criteria

    24 vulnerabilities found for Content Credentials JS SDK by Adobe

    CVE-2026-48357 (GCVE-0-2026-48357)

    Vulnerability from nvd – Published: 2026-07-14 21:33 – Updated: 2026-07-14 23:39
    VLAI
    Title
    CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)
    Summary
    CAI Content Credentials is affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption (CWE-400)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Content Credentials Rust SDK Affected: 0 , ≤ c2pa-v0.84.0 (custom)
    Unaffected: c2pa-v0.85.2 (custom)
    Create a notification for this product.
    Adobe Content Credentials Command-Line Tool Affected: 0 , ≤ c2patool-v0.16.5 (custom)
    Unaffected: c2patool-v0.26.65 (custom)
    Create a notification for this product.
    Adobe Content Credentials JS SDK Affected: 0 , ≤ @contentauth/c2pa-web@0.7.0 (custom)
    Unaffected: @contentauth/c2pa-web@0.9.0 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48357",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T23:32:12.682049Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T23:39:11.923Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Rust SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2pa-v0.84.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2pa-v0.85.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Command-Line Tool",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2patool-v0.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2patool-v0.26.65",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials JS SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "@contentauth/c2pa-web@0.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "@contentauth/c2pa-web@0.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAI Content Credentials is affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 6.2,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "NONE",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "LOCAL",
                "modifiedAvailabilityImpact": "HIGH",
                "modifiedConfidentialityImpact": "NONE",
                "modifiedIntegrityImpact": "NONE",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "UNCHANGED",
                "modifiedUserInteraction": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "UNCHANGED",
                "temporalScore": 6.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "Uncontrolled Resource Consumption (CWE-400)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T21:42:07.894Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2026-48357",
        "datePublished": "2026-07-14T21:33:00.285Z",
        "dateReserved": "2026-05-21T15:28:38.140Z",
        "dateUpdated": "2026-07-14T23:39:11.923Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48354 (GCVE-0-2026-48354)

    Vulnerability from nvd – Published: 2026-07-14 21:32 – Updated: 2026-07-14 23:39
    VLAI
    Title
    CAI Content Credentials | Integer Overflow or Wraparound (CWE-190)
    Summary
    CAI Content Credentials is affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound (CWE-190)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Content Credentials Rust SDK Affected: 0 , ≤ c2pa-v0.84.0 (custom)
    Unaffected: c2pa-v0.85.2 (custom)
    Create a notification for this product.
    Adobe Content Credentials Command-Line Tool Affected: 0 , ≤ c2patool-v0.16.5 (custom)
    Unaffected: c2patool-v0.26.65 (custom)
    Create a notification for this product.
    Adobe Content Credentials JS SDK Affected: 0 , ≤ @contentauth/c2pa-web@0.7.0 (custom)
    Unaffected: @contentauth/c2pa-web@0.9.0 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48354",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T23:31:08.924027Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T23:39:12.774Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Rust SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2pa-v0.84.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2pa-v0.85.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Command-Line Tool",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2patool-v0.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2patool-v0.26.65",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials JS SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "@contentauth/c2pa-web@0.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "@contentauth/c2pa-web@0.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAI Content Credentials is affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 6.2,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "NONE",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "LOCAL",
                "modifiedAvailabilityImpact": "HIGH",
                "modifiedConfidentialityImpact": "NONE",
                "modifiedIntegrityImpact": "NONE",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "UNCHANGED",
                "modifiedUserInteraction": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "UNCHANGED",
                "temporalScore": 6.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "Integer Overflow or Wraparound (CWE-190)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T21:42:08.261Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "CAI Content Credentials | Integer Overflow or Wraparound (CWE-190)",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2026-48354",
        "datePublished": "2026-07-14T21:32:55.707Z",
        "dateReserved": "2026-05-21T15:28:38.140Z",
        "dateUpdated": "2026-07-14T23:39:12.774Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48353 (GCVE-0-2026-48353)

    Vulnerability from nvd – Published: 2026-07-14 21:32 – Updated: 2026-07-14 23:39
    VLAI
    Title
    CAI Content Credentials | Improper Input Validation (CWE-20)
    Summary
    CAI Content Credentials is affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation (CWE-20)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Content Credentials Rust SDK Affected: 0 , ≤ c2pa-v0.84.0 (custom)
    Unaffected: c2pa-v0.85.2 (custom)
    Create a notification for this product.
    Adobe Content Credentials Command-Line Tool Affected: 0 , ≤ c2patool-v0.16.5 (custom)
    Unaffected: c2patool-v0.26.65 (custom)
    Create a notification for this product.
    Adobe Content Credentials JS SDK Affected: 0 , ≤ @contentauth/c2pa-web@0.7.0 (custom)
    Unaffected: @contentauth/c2pa-web@0.9.0 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48353",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T23:30:32.962019Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T23:39:13.190Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Rust SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2pa-v0.84.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2pa-v0.85.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Command-Line Tool",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2patool-v0.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2patool-v0.26.65",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials JS SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "@contentauth/c2pa-web@0.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "@contentauth/c2pa-web@0.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAI Content Credentials is affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.5,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "NONE",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "LOCAL",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "HIGH",
                "modifiedIntegrityImpact": "NONE",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "UNCHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "UNCHANGED",
                "temporalScore": 5.5,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation (CWE-20)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T21:42:11.891Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "CAI Content Credentials | Improper Input Validation (CWE-20)",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2026-48353",
        "datePublished": "2026-07-14T21:32:53.498Z",
        "dateReserved": "2026-05-21T15:28:38.140Z",
        "dateUpdated": "2026-07-14T23:39:13.190Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48352 (GCVE-0-2026-48352)

    Vulnerability from nvd – Published: 2026-07-14 21:32 – Updated: 2026-07-14 23:39
    VLAI
    Title
    CAI Content Credentials | Improper Input Validation (CWE-20)
    Summary
    CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation (CWE-20)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Content Credentials Rust SDK Affected: 0 , ≤ c2pa-v0.84.0 (custom)
    Unaffected: c2pa-v0.85.2 (custom)
    Create a notification for this product.
    Adobe Content Credentials Command-Line Tool Affected: 0 , ≤ c2patool-v0.16.5 (custom)
    Unaffected: c2patool-v0.26.65 (custom)
    Create a notification for this product.
    Adobe Content Credentials JS SDK Affected: 0 , ≤ @contentauth/c2pa-web@0.7.0 (custom)
    Unaffected: @contentauth/c2pa-web@0.9.0 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48352",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T23:30:47.863537Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T23:39:13.057Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Rust SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2pa-v0.84.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2pa-v0.85.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Command-Line Tool",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2patool-v0.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2patool-v0.26.65",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials JS SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "@contentauth/c2pa-web@0.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "@contentauth/c2pa-web@0.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 7.5,
                "environmentalSeverity": "HIGH",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "NONE",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "HIGH",
                "modifiedConfidentialityImpact": "NONE",
                "modifiedIntegrityImpact": "NONE",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "UNCHANGED",
                "modifiedUserInteraction": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "UNCHANGED",
                "temporalScore": 7.5,
                "temporalSeverity": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation (CWE-20)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T21:42:09.376Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "CAI Content Credentials | Improper Input Validation (CWE-20)",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2026-48352",
        "datePublished": "2026-07-14T21:32:54.225Z",
        "dateReserved": "2026-05-21T15:28:38.140Z",
        "dateUpdated": "2026-07-14T23:39:13.057Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48351 (GCVE-0-2026-48351)

    Vulnerability from nvd – Published: 2026-07-14 21:32 – Updated: 2026-07-14 23:39
    VLAI
    Title
    CAI Content Credentials | Improper Input Validation (CWE-20)
    Summary
    CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation (CWE-20)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Content Credentials Rust SDK Affected: 0 , ≤ c2pa-v0.84.0 (custom)
    Unaffected: c2pa-v0.85.2 (custom)
    Create a notification for this product.
    Adobe Content Credentials Command-Line Tool Affected: 0 , ≤ c2patool-v0.16.5 (custom)
    Unaffected: c2patool-v0.26.65 (custom)
    Create a notification for this product.
    Adobe Content Credentials JS SDK Affected: 0 , ≤ @contentauth/c2pa-web@0.7.0 (custom)
    Unaffected: @contentauth/c2pa-web@0.9.0 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48351",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T23:31:31.089222Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T23:39:12.490Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Rust SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2pa-v0.84.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2pa-v0.85.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Command-Line Tool",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2patool-v0.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2patool-v0.26.65",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials JS SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "@contentauth/c2pa-web@0.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "@contentauth/c2pa-web@0.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 7.5,
                "environmentalSeverity": "HIGH",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "NONE",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "HIGH",
                "modifiedConfidentialityImpact": "NONE",
                "modifiedIntegrityImpact": "NONE",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "UNCHANGED",
                "modifiedUserInteraction": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "UNCHANGED",
                "temporalScore": 7.5,
                "temporalSeverity": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation (CWE-20)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T21:42:08.636Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "CAI Content Credentials | Improper Input Validation (CWE-20)",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2026-48351",
        "datePublished": "2026-07-14T21:32:57.308Z",
        "dateReserved": "2026-05-21T15:28:38.140Z",
        "dateUpdated": "2026-07-14T23:39:12.490Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48312 (GCVE-0-2026-48312)

    Vulnerability from nvd – Published: 2026-07-14 21:32 – Updated: 2026-07-14 23:39
    VLAI
    Title
    CAI Content Credentials | Improper Input Validation (CWE-20)
    Summary
    CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation (CWE-20)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Content Credentials Rust SDK Affected: 0 , ≤ c2pa-v0.84.0 (custom)
    Unaffected: c2pa-v0.85.2 (custom)
    Create a notification for this product.
    Adobe Content Credentials Command-Line Tool Affected: 0 , ≤ c2patool-v0.16.5 (custom)
    Unaffected: c2patool-v0.26.65 (custom)
    Create a notification for this product.
    Adobe Content Credentials JS SDK Affected: 0 , ≤ @contentauth/c2pa-web@0.7.0 (custom)
    Unaffected: @contentauth/c2pa-web@0.9.0 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48312",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T23:31:39.209448Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T23:39:12.350Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Rust SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2pa-v0.84.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2pa-v0.85.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Command-Line Tool",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2patool-v0.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2patool-v0.26.65",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials JS SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "@contentauth/c2pa-web@0.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "@contentauth/c2pa-web@0.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 6.8,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "HIGH",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "LOCAL",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "HIGH",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "UNCHANGED",
                "modifiedUserInteraction": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "UNCHANGED",
                "temporalScore": 6.8,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation (CWE-20)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T21:42:09.000Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "CAI Content Credentials | Improper Input Validation (CWE-20)",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2026-48312",
        "datePublished": "2026-07-14T21:32:58.069Z",
        "dateReserved": "2026-05-21T15:28:38.136Z",
        "dateUpdated": "2026-07-14T23:39:12.350Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48302 (GCVE-0-2026-48302)

    Vulnerability from nvd – Published: 2026-07-14 21:32 – Updated: 2026-07-14 23:39
    VLAI
    Title
    CAI Content Credentials | Improper Input Validation (CWE-20)
    Summary
    CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation (CWE-20)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Content Credentials Rust SDK Affected: 0 , ≤ c2pa-v0.84.0 (custom)
    Unaffected: c2pa-v0.85.2 (custom)
    Create a notification for this product.
    Adobe Content Credentials Command-Line Tool Affected: 0 , ≤ c2patool-v0.16.5 (custom)
    Unaffected: c2patool-v0.26.65 (custom)
    Create a notification for this product.
    Adobe Content Credentials JS SDK Affected: 0 , ≤ @contentauth/c2pa-web@0.7.0 (custom)
    Unaffected: @contentauth/c2pa-web@0.9.0 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48302",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T23:31:20.032681Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T23:39:12.634Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Rust SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2pa-v0.84.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2pa-v0.85.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Command-Line Tool",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2patool-v0.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2patool-v0.26.65",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials JS SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "@contentauth/c2pa-web@0.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "@contentauth/c2pa-web@0.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 6.2,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "NONE",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "LOCAL",
                "modifiedAvailabilityImpact": "HIGH",
                "modifiedConfidentialityImpact": "NONE",
                "modifiedIntegrityImpact": "NONE",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "UNCHANGED",
                "modifiedUserInteraction": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "UNCHANGED",
                "temporalScore": 6.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation (CWE-20)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T21:42:10.447Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "CAI Content Credentials | Improper Input Validation (CWE-20)",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2026-48302",
        "datePublished": "2026-07-14T21:32:56.574Z",
        "dateReserved": "2026-05-21T15:28:38.136Z",
        "dateUpdated": "2026-07-14T23:39:12.634Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48298 (GCVE-0-2026-48298)

    Vulnerability from nvd – Published: 2026-07-14 21:32 – Updated: 2026-07-14 23:39
    VLAI
    Title
    CAI Content Credentials | Integer Underflow (Wrap or Wraparound) (CWE-191)
    Summary
    CAI Content Credentials is affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-191 - Integer Underflow (Wrap or Wraparound) (CWE-191)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Content Credentials Rust SDK Affected: 0 , ≤ c2pa-v0.84.0 (custom)
    Unaffected: c2pa-v0.85.2 (custom)
    Create a notification for this product.
    Adobe Content Credentials Command-Line Tool Affected: 0 , ≤ c2patool-v0.16.5 (custom)
    Unaffected: c2patool-v0.26.65 (custom)
    Create a notification for this product.
    Adobe Content Credentials JS SDK Affected: 0 , ≤ @contentauth/c2pa-web@0.7.0 (custom)
    Unaffected: @contentauth/c2pa-web@0.9.0 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48298",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T23:30:57.988901Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T23:39:12.913Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Rust SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2pa-v0.84.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2pa-v0.85.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Command-Line Tool",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2patool-v0.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2patool-v0.26.65",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials JS SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "@contentauth/c2pa-web@0.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "@contentauth/c2pa-web@0.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAI Content Credentials is affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 6.2,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "NONE",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "LOCAL",
                "modifiedAvailabilityImpact": "HIGH",
                "modifiedConfidentialityImpact": "NONE",
                "modifiedIntegrityImpact": "NONE",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "UNCHANGED",
                "modifiedUserInteraction": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "UNCHANGED",
                "temporalScore": 6.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "Integer Underflow (Wrap or Wraparound) (CWE-191)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T21:42:10.098Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "CAI Content Credentials | Integer Underflow (Wrap or Wraparound) (CWE-191)",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2026-48298",
        "datePublished": "2026-07-14T21:32:54.977Z",
        "dateReserved": "2026-05-21T15:28:38.135Z",
        "dateUpdated": "2026-07-14T23:39:12.913Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48296 (GCVE-0-2026-48296)

    Vulnerability from nvd – Published: 2026-07-14 21:32 – Updated: 2026-07-14 23:39
    VLAI
    Title
    CAI Content Credentials | Integer Underflow (Wrap or Wraparound) (CWE-191)
    Summary
    CAI Content Credentials is affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-191 - Integer Underflow (Wrap or Wraparound) (CWE-191)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Content Credentials Rust SDK Affected: 0 , ≤ c2pa-v0.84.0 (custom)
    Unaffected: c2pa-v0.85.2 (custom)
    Create a notification for this product.
    Adobe Content Credentials Command-Line Tool Affected: 0 , ≤ c2patool-v0.16.5 (custom)
    Unaffected: c2patool-v0.26.65 (custom)
    Create a notification for this product.
    Adobe Content Credentials JS SDK Affected: 0 , ≤ @contentauth/c2pa-web@0.7.0 (custom)
    Unaffected: @contentauth/c2pa-web@0.9.0 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48296",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T23:32:04.627117Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T23:39:12.060Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Rust SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2pa-v0.84.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2pa-v0.85.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Command-Line Tool",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2patool-v0.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2patool-v0.26.65",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials JS SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "@contentauth/c2pa-web@0.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "@contentauth/c2pa-web@0.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAI Content Credentials is affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 6.2,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "NONE",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "LOCAL",
                "modifiedAvailabilityImpact": "HIGH",
                "modifiedConfidentialityImpact": "NONE",
                "modifiedIntegrityImpact": "NONE",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "UNCHANGED",
                "modifiedUserInteraction": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "UNCHANGED",
                "temporalScore": 6.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "Integer Underflow (Wrap or Wraparound) (CWE-191)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T21:42:11.165Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "CAI Content Credentials | Integer Underflow (Wrap or Wraparound) (CWE-191)",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2026-48296",
        "datePublished": "2026-07-14T21:32:59.536Z",
        "dateReserved": "2026-05-21T15:28:38.135Z",
        "dateUpdated": "2026-07-14T23:39:12.060Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48295 (GCVE-0-2026-48295)

    Vulnerability from nvd – Published: 2026-07-14 21:33 – Updated: 2026-07-14 23:39
    VLAI
    Title
    CAI Content Credentials | Insufficiently Protected Credentials (CWE-522)
    Summary
    CAI Content Credentials is affected by an Insufficiently Protected Credentials vulnerability that could result in disclosure of sensitive information. An attacker could leverage this vulnerability to gain unauthorized read access. Exploitation of this issue does not require user interaction.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials (CWE-522)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Content Credentials Rust SDK Affected: 0 , ≤ c2pa-v0.84.0 (custom)
    Unaffected: c2pa-v0.85.2 (custom)
    Create a notification for this product.
    Adobe Content Credentials Command-Line Tool Affected: 0 , ≤ c2patool-v0.16.5 (custom)
    Unaffected: c2patool-v0.26.65 (custom)
    Create a notification for this product.
    Adobe Content Credentials JS SDK Affected: 0 , ≤ @contentauth/c2pa-web@0.7.0 (custom)
    Unaffected: @contentauth/c2pa-web@0.9.0 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48295",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T23:32:32.211641Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T23:39:11.628Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Rust SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2pa-v0.84.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2pa-v0.85.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Command-Line Tool",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2patool-v0.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2patool-v0.26.65",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials JS SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "@contentauth/c2pa-web@0.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "@contentauth/c2pa-web@0.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAI Content Credentials is affected by an Insufficiently Protected Credentials vulnerability that could result in disclosure of sensitive information. An attacker could leverage this vulnerability to gain unauthorized read access. Exploitation of this issue does not require user interaction."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 7.5,
                "environmentalSeverity": "HIGH",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "NONE",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "HIGH",
                "modifiedIntegrityImpact": "NONE",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "UNCHANGED",
                "modifiedUserInteraction": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "UNCHANGED",
                "temporalScore": 7.5,
                "temporalSeverity": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "Insufficiently Protected Credentials (CWE-522)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T21:42:10.803Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "CAI Content Credentials | Insufficiently Protected Credentials (CWE-522)",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2026-48295",
        "datePublished": "2026-07-14T21:33:01.777Z",
        "dateReserved": "2026-05-21T15:28:38.135Z",
        "dateUpdated": "2026-07-14T23:39:11.628Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48290 (GCVE-0-2026-48290)

    Vulnerability from nvd – Published: 2026-07-14 21:33 – Updated: 2026-07-14 23:39
    VLAI
    Title
    CAI Content Credentials | Server-Side Request Forgery (SSRF) (CWE-918)
    Summary
    CAI Content Credentials is affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF) (CWE-918)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Content Credentials Rust SDK Affected: 0 , ≤ c2pa-v0.84.0 (custom)
    Unaffected: c2pa-v0.85.2 (custom)
    Create a notification for this product.
    Adobe Content Credentials Command-Line Tool Affected: 0 , ≤ c2patool-v0.16.5 (custom)
    Unaffected: c2patool-v0.26.65 (custom)
    Create a notification for this product.
    Adobe Content Credentials JS SDK Affected: 0 , ≤ @contentauth/c2pa-web@0.7.0 (custom)
    Unaffected: @contentauth/c2pa-web@0.9.0 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48290",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T23:32:21.640378Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T23:39:11.773Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Rust SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2pa-v0.84.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2pa-v0.85.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Command-Line Tool",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2patool-v0.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2patool-v0.26.65",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials JS SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "@contentauth/c2pa-web@0.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "@contentauth/c2pa-web@0.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAI Content Credentials is affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim\u0027s account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 8.2,
                "environmentalSeverity": "HIGH",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "HIGH",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "LOCAL",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "HIGH",
                "modifiedIntegrityImpact": "HIGH",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 8.2,
                "temporalSeverity": "HIGH",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery (SSRF) (CWE-918)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T21:42:09.734Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "CAI Content Credentials | Server-Side Request Forgery (SSRF) (CWE-918)",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2026-48290",
        "datePublished": "2026-07-14T21:33:01.048Z",
        "dateReserved": "2026-05-21T15:28:38.134Z",
        "dateUpdated": "2026-07-14T23:39:11.773Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48287 (GCVE-0-2026-48287)

    Vulnerability from nvd – Published: 2026-07-14 21:32 – Updated: 2026-07-14 23:39
    VLAI
    Title
    CAI Content Credentials | Untrusted Search Path (CWE-426)
    Summary
    CAI Content Credentials is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-426 - Untrusted Search Path (CWE-426)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Content Credentials Rust SDK Affected: 0 , ≤ c2pa-v0.84.0 (custom)
    Unaffected: c2pa-v0.85.2 (custom)
    Create a notification for this product.
    Adobe Content Credentials Command-Line Tool Affected: 0 , ≤ c2patool-v0.16.5 (custom)
    Unaffected: c2patool-v0.26.65 (custom)
    Create a notification for this product.
    Adobe Content Credentials JS SDK Affected: 0 , ≤ @contentauth/c2pa-web@0.7.0 (custom)
    Unaffected: @contentauth/c2pa-web@0.9.0 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48287",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T23:31:50.298398Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T23:39:12.202Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Rust SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2pa-v0.84.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2pa-v0.85.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Command-Line Tool",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2patool-v0.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2patool-v0.26.65",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials JS SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "@contentauth/c2pa-web@0.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "@contentauth/c2pa-web@0.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAI Content Credentials is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker\u0027s control. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 7.4,
                "environmentalSeverity": "HIGH",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "HIGH",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "HIGH",
                "modifiedAttackVector": "LOCAL",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "HIGH",
                "modifiedIntegrityImpact": "HIGH",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 7.4,
                "temporalSeverity": "HIGH",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-426",
                  "description": "Untrusted Search Path (CWE-426)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T21:42:11.523Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "CAI Content Credentials | Untrusted Search Path (CWE-426)",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2026-48287",
        "datePublished": "2026-07-14T21:32:58.807Z",
        "dateReserved": "2026-05-21T15:28:38.134Z",
        "dateUpdated": "2026-07-14T23:39:12.202Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48295 (GCVE-0-2026-48295)

    Vulnerability from cvelistv5 – Published: 2026-07-14 21:33 – Updated: 2026-07-14 23:39
    VLAI
    Title
    CAI Content Credentials | Insufficiently Protected Credentials (CWE-522)
    Summary
    CAI Content Credentials is affected by an Insufficiently Protected Credentials vulnerability that could result in disclosure of sensitive information. An attacker could leverage this vulnerability to gain unauthorized read access. Exploitation of this issue does not require user interaction.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials (CWE-522)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Content Credentials Rust SDK Affected: 0 , ≤ c2pa-v0.84.0 (custom)
    Unaffected: c2pa-v0.85.2 (custom)
    Create a notification for this product.
    Adobe Content Credentials Command-Line Tool Affected: 0 , ≤ c2patool-v0.16.5 (custom)
    Unaffected: c2patool-v0.26.65 (custom)
    Create a notification for this product.
    Adobe Content Credentials JS SDK Affected: 0 , ≤ @contentauth/c2pa-web@0.7.0 (custom)
    Unaffected: @contentauth/c2pa-web@0.9.0 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48295",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T23:32:32.211641Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T23:39:11.628Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Rust SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2pa-v0.84.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2pa-v0.85.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Command-Line Tool",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2patool-v0.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2patool-v0.26.65",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials JS SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "@contentauth/c2pa-web@0.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "@contentauth/c2pa-web@0.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAI Content Credentials is affected by an Insufficiently Protected Credentials vulnerability that could result in disclosure of sensitive information. An attacker could leverage this vulnerability to gain unauthorized read access. Exploitation of this issue does not require user interaction."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 7.5,
                "environmentalSeverity": "HIGH",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "NONE",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "HIGH",
                "modifiedIntegrityImpact": "NONE",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "UNCHANGED",
                "modifiedUserInteraction": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "UNCHANGED",
                "temporalScore": 7.5,
                "temporalSeverity": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "Insufficiently Protected Credentials (CWE-522)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T21:42:10.803Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "CAI Content Credentials | Insufficiently Protected Credentials (CWE-522)",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2026-48295",
        "datePublished": "2026-07-14T21:33:01.777Z",
        "dateReserved": "2026-05-21T15:28:38.135Z",
        "dateUpdated": "2026-07-14T23:39:11.628Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48290 (GCVE-0-2026-48290)

    Vulnerability from cvelistv5 – Published: 2026-07-14 21:33 – Updated: 2026-07-14 23:39
    VLAI
    Title
    CAI Content Credentials | Server-Side Request Forgery (SSRF) (CWE-918)
    Summary
    CAI Content Credentials is affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF) (CWE-918)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Content Credentials Rust SDK Affected: 0 , ≤ c2pa-v0.84.0 (custom)
    Unaffected: c2pa-v0.85.2 (custom)
    Create a notification for this product.
    Adobe Content Credentials Command-Line Tool Affected: 0 , ≤ c2patool-v0.16.5 (custom)
    Unaffected: c2patool-v0.26.65 (custom)
    Create a notification for this product.
    Adobe Content Credentials JS SDK Affected: 0 , ≤ @contentauth/c2pa-web@0.7.0 (custom)
    Unaffected: @contentauth/c2pa-web@0.9.0 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48290",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T23:32:21.640378Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T23:39:11.773Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Rust SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2pa-v0.84.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2pa-v0.85.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Command-Line Tool",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2patool-v0.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2patool-v0.26.65",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials JS SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "@contentauth/c2pa-web@0.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "@contentauth/c2pa-web@0.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAI Content Credentials is affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim\u0027s account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 8.2,
                "environmentalSeverity": "HIGH",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "HIGH",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "LOCAL",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "HIGH",
                "modifiedIntegrityImpact": "HIGH",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 8.2,
                "temporalSeverity": "HIGH",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery (SSRF) (CWE-918)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T21:42:09.734Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "CAI Content Credentials | Server-Side Request Forgery (SSRF) (CWE-918)",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2026-48290",
        "datePublished": "2026-07-14T21:33:01.048Z",
        "dateReserved": "2026-05-21T15:28:38.134Z",
        "dateUpdated": "2026-07-14T23:39:11.773Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48357 (GCVE-0-2026-48357)

    Vulnerability from cvelistv5 – Published: 2026-07-14 21:33 – Updated: 2026-07-14 23:39
    VLAI
    Title
    CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)
    Summary
    CAI Content Credentials is affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption (CWE-400)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Content Credentials Rust SDK Affected: 0 , ≤ c2pa-v0.84.0 (custom)
    Unaffected: c2pa-v0.85.2 (custom)
    Create a notification for this product.
    Adobe Content Credentials Command-Line Tool Affected: 0 , ≤ c2patool-v0.16.5 (custom)
    Unaffected: c2patool-v0.26.65 (custom)
    Create a notification for this product.
    Adobe Content Credentials JS SDK Affected: 0 , ≤ @contentauth/c2pa-web@0.7.0 (custom)
    Unaffected: @contentauth/c2pa-web@0.9.0 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48357",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T23:32:12.682049Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T23:39:11.923Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Rust SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2pa-v0.84.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2pa-v0.85.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Command-Line Tool",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2patool-v0.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2patool-v0.26.65",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials JS SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "@contentauth/c2pa-web@0.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "@contentauth/c2pa-web@0.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAI Content Credentials is affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 6.2,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "NONE",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "LOCAL",
                "modifiedAvailabilityImpact": "HIGH",
                "modifiedConfidentialityImpact": "NONE",
                "modifiedIntegrityImpact": "NONE",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "UNCHANGED",
                "modifiedUserInteraction": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "UNCHANGED",
                "temporalScore": 6.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "Uncontrolled Resource Consumption (CWE-400)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T21:42:07.894Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2026-48357",
        "datePublished": "2026-07-14T21:33:00.285Z",
        "dateReserved": "2026-05-21T15:28:38.140Z",
        "dateUpdated": "2026-07-14T23:39:11.923Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48296 (GCVE-0-2026-48296)

    Vulnerability from cvelistv5 – Published: 2026-07-14 21:32 – Updated: 2026-07-14 23:39
    VLAI
    Title
    CAI Content Credentials | Integer Underflow (Wrap or Wraparound) (CWE-191)
    Summary
    CAI Content Credentials is affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-191 - Integer Underflow (Wrap or Wraparound) (CWE-191)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Content Credentials Rust SDK Affected: 0 , ≤ c2pa-v0.84.0 (custom)
    Unaffected: c2pa-v0.85.2 (custom)
    Create a notification for this product.
    Adobe Content Credentials Command-Line Tool Affected: 0 , ≤ c2patool-v0.16.5 (custom)
    Unaffected: c2patool-v0.26.65 (custom)
    Create a notification for this product.
    Adobe Content Credentials JS SDK Affected: 0 , ≤ @contentauth/c2pa-web@0.7.0 (custom)
    Unaffected: @contentauth/c2pa-web@0.9.0 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48296",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T23:32:04.627117Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T23:39:12.060Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Rust SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2pa-v0.84.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2pa-v0.85.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Command-Line Tool",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2patool-v0.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2patool-v0.26.65",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials JS SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "@contentauth/c2pa-web@0.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "@contentauth/c2pa-web@0.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAI Content Credentials is affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 6.2,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "NONE",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "LOCAL",
                "modifiedAvailabilityImpact": "HIGH",
                "modifiedConfidentialityImpact": "NONE",
                "modifiedIntegrityImpact": "NONE",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "UNCHANGED",
                "modifiedUserInteraction": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "UNCHANGED",
                "temporalScore": 6.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "Integer Underflow (Wrap or Wraparound) (CWE-191)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T21:42:11.165Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "CAI Content Credentials | Integer Underflow (Wrap or Wraparound) (CWE-191)",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2026-48296",
        "datePublished": "2026-07-14T21:32:59.536Z",
        "dateReserved": "2026-05-21T15:28:38.135Z",
        "dateUpdated": "2026-07-14T23:39:12.060Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48287 (GCVE-0-2026-48287)

    Vulnerability from cvelistv5 – Published: 2026-07-14 21:32 – Updated: 2026-07-14 23:39
    VLAI
    Title
    CAI Content Credentials | Untrusted Search Path (CWE-426)
    Summary
    CAI Content Credentials is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-426 - Untrusted Search Path (CWE-426)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Content Credentials Rust SDK Affected: 0 , ≤ c2pa-v0.84.0 (custom)
    Unaffected: c2pa-v0.85.2 (custom)
    Create a notification for this product.
    Adobe Content Credentials Command-Line Tool Affected: 0 , ≤ c2patool-v0.16.5 (custom)
    Unaffected: c2patool-v0.26.65 (custom)
    Create a notification for this product.
    Adobe Content Credentials JS SDK Affected: 0 , ≤ @contentauth/c2pa-web@0.7.0 (custom)
    Unaffected: @contentauth/c2pa-web@0.9.0 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48287",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T23:31:50.298398Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T23:39:12.202Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Rust SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2pa-v0.84.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2pa-v0.85.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Command-Line Tool",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2patool-v0.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2patool-v0.26.65",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials JS SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "@contentauth/c2pa-web@0.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "@contentauth/c2pa-web@0.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAI Content Credentials is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker\u0027s control. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 7.4,
                "environmentalSeverity": "HIGH",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "HIGH",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "HIGH",
                "modifiedAttackVector": "LOCAL",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "HIGH",
                "modifiedIntegrityImpact": "HIGH",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "CHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "CHANGED",
                "temporalScore": 7.4,
                "temporalSeverity": "HIGH",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-426",
                  "description": "Untrusted Search Path (CWE-426)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T21:42:11.523Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "CAI Content Credentials | Untrusted Search Path (CWE-426)",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2026-48287",
        "datePublished": "2026-07-14T21:32:58.807Z",
        "dateReserved": "2026-05-21T15:28:38.134Z",
        "dateUpdated": "2026-07-14T23:39:12.202Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48312 (GCVE-0-2026-48312)

    Vulnerability from cvelistv5 – Published: 2026-07-14 21:32 – Updated: 2026-07-14 23:39
    VLAI
    Title
    CAI Content Credentials | Improper Input Validation (CWE-20)
    Summary
    CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation (CWE-20)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Content Credentials Rust SDK Affected: 0 , ≤ c2pa-v0.84.0 (custom)
    Unaffected: c2pa-v0.85.2 (custom)
    Create a notification for this product.
    Adobe Content Credentials Command-Line Tool Affected: 0 , ≤ c2patool-v0.16.5 (custom)
    Unaffected: c2patool-v0.26.65 (custom)
    Create a notification for this product.
    Adobe Content Credentials JS SDK Affected: 0 , ≤ @contentauth/c2pa-web@0.7.0 (custom)
    Unaffected: @contentauth/c2pa-web@0.9.0 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48312",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T23:31:39.209448Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T23:39:12.350Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Rust SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2pa-v0.84.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2pa-v0.85.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Command-Line Tool",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2patool-v0.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2patool-v0.26.65",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials JS SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "@contentauth/c2pa-web@0.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "@contentauth/c2pa-web@0.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 6.8,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "HIGH",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "LOCAL",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "LOW",
                "modifiedIntegrityImpact": "HIGH",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "UNCHANGED",
                "modifiedUserInteraction": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "UNCHANGED",
                "temporalScore": 6.8,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation (CWE-20)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T21:42:09.000Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "CAI Content Credentials | Improper Input Validation (CWE-20)",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2026-48312",
        "datePublished": "2026-07-14T21:32:58.069Z",
        "dateReserved": "2026-05-21T15:28:38.136Z",
        "dateUpdated": "2026-07-14T23:39:12.350Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48351 (GCVE-0-2026-48351)

    Vulnerability from cvelistv5 – Published: 2026-07-14 21:32 – Updated: 2026-07-14 23:39
    VLAI
    Title
    CAI Content Credentials | Improper Input Validation (CWE-20)
    Summary
    CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation (CWE-20)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Content Credentials Rust SDK Affected: 0 , ≤ c2pa-v0.84.0 (custom)
    Unaffected: c2pa-v0.85.2 (custom)
    Create a notification for this product.
    Adobe Content Credentials Command-Line Tool Affected: 0 , ≤ c2patool-v0.16.5 (custom)
    Unaffected: c2patool-v0.26.65 (custom)
    Create a notification for this product.
    Adobe Content Credentials JS SDK Affected: 0 , ≤ @contentauth/c2pa-web@0.7.0 (custom)
    Unaffected: @contentauth/c2pa-web@0.9.0 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48351",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T23:31:31.089222Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T23:39:12.490Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Rust SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2pa-v0.84.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2pa-v0.85.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Command-Line Tool",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2patool-v0.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2patool-v0.26.65",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials JS SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "@contentauth/c2pa-web@0.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "@contentauth/c2pa-web@0.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 7.5,
                "environmentalSeverity": "HIGH",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "NONE",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "HIGH",
                "modifiedConfidentialityImpact": "NONE",
                "modifiedIntegrityImpact": "NONE",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "UNCHANGED",
                "modifiedUserInteraction": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "UNCHANGED",
                "temporalScore": 7.5,
                "temporalSeverity": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation (CWE-20)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T21:42:08.636Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "CAI Content Credentials | Improper Input Validation (CWE-20)",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2026-48351",
        "datePublished": "2026-07-14T21:32:57.308Z",
        "dateReserved": "2026-05-21T15:28:38.140Z",
        "dateUpdated": "2026-07-14T23:39:12.490Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48302 (GCVE-0-2026-48302)

    Vulnerability from cvelistv5 – Published: 2026-07-14 21:32 – Updated: 2026-07-14 23:39
    VLAI
    Title
    CAI Content Credentials | Improper Input Validation (CWE-20)
    Summary
    CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation (CWE-20)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Content Credentials Rust SDK Affected: 0 , ≤ c2pa-v0.84.0 (custom)
    Unaffected: c2pa-v0.85.2 (custom)
    Create a notification for this product.
    Adobe Content Credentials Command-Line Tool Affected: 0 , ≤ c2patool-v0.16.5 (custom)
    Unaffected: c2patool-v0.26.65 (custom)
    Create a notification for this product.
    Adobe Content Credentials JS SDK Affected: 0 , ≤ @contentauth/c2pa-web@0.7.0 (custom)
    Unaffected: @contentauth/c2pa-web@0.9.0 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48302",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T23:31:20.032681Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T23:39:12.634Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Rust SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2pa-v0.84.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2pa-v0.85.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Command-Line Tool",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2patool-v0.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2patool-v0.26.65",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials JS SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "@contentauth/c2pa-web@0.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "@contentauth/c2pa-web@0.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 6.2,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "NONE",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "LOCAL",
                "modifiedAvailabilityImpact": "HIGH",
                "modifiedConfidentialityImpact": "NONE",
                "modifiedIntegrityImpact": "NONE",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "UNCHANGED",
                "modifiedUserInteraction": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "UNCHANGED",
                "temporalScore": 6.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation (CWE-20)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T21:42:10.447Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "CAI Content Credentials | Improper Input Validation (CWE-20)",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2026-48302",
        "datePublished": "2026-07-14T21:32:56.574Z",
        "dateReserved": "2026-05-21T15:28:38.136Z",
        "dateUpdated": "2026-07-14T23:39:12.634Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48354 (GCVE-0-2026-48354)

    Vulnerability from cvelistv5 – Published: 2026-07-14 21:32 – Updated: 2026-07-14 23:39
    VLAI
    Title
    CAI Content Credentials | Integer Overflow or Wraparound (CWE-190)
    Summary
    CAI Content Credentials is affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound (CWE-190)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Content Credentials Rust SDK Affected: 0 , ≤ c2pa-v0.84.0 (custom)
    Unaffected: c2pa-v0.85.2 (custom)
    Create a notification for this product.
    Adobe Content Credentials Command-Line Tool Affected: 0 , ≤ c2patool-v0.16.5 (custom)
    Unaffected: c2patool-v0.26.65 (custom)
    Create a notification for this product.
    Adobe Content Credentials JS SDK Affected: 0 , ≤ @contentauth/c2pa-web@0.7.0 (custom)
    Unaffected: @contentauth/c2pa-web@0.9.0 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48354",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T23:31:08.924027Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T23:39:12.774Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Rust SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2pa-v0.84.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2pa-v0.85.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Command-Line Tool",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2patool-v0.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2patool-v0.26.65",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials JS SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "@contentauth/c2pa-web@0.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "@contentauth/c2pa-web@0.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAI Content Credentials is affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 6.2,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "NONE",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "LOCAL",
                "modifiedAvailabilityImpact": "HIGH",
                "modifiedConfidentialityImpact": "NONE",
                "modifiedIntegrityImpact": "NONE",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "UNCHANGED",
                "modifiedUserInteraction": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "UNCHANGED",
                "temporalScore": 6.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "Integer Overflow or Wraparound (CWE-190)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T21:42:08.261Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "CAI Content Credentials | Integer Overflow or Wraparound (CWE-190)",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2026-48354",
        "datePublished": "2026-07-14T21:32:55.707Z",
        "dateReserved": "2026-05-21T15:28:38.140Z",
        "dateUpdated": "2026-07-14T23:39:12.774Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48298 (GCVE-0-2026-48298)

    Vulnerability from cvelistv5 – Published: 2026-07-14 21:32 – Updated: 2026-07-14 23:39
    VLAI
    Title
    CAI Content Credentials | Integer Underflow (Wrap or Wraparound) (CWE-191)
    Summary
    CAI Content Credentials is affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-191 - Integer Underflow (Wrap or Wraparound) (CWE-191)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Content Credentials Rust SDK Affected: 0 , ≤ c2pa-v0.84.0 (custom)
    Unaffected: c2pa-v0.85.2 (custom)
    Create a notification for this product.
    Adobe Content Credentials Command-Line Tool Affected: 0 , ≤ c2patool-v0.16.5 (custom)
    Unaffected: c2patool-v0.26.65 (custom)
    Create a notification for this product.
    Adobe Content Credentials JS SDK Affected: 0 , ≤ @contentauth/c2pa-web@0.7.0 (custom)
    Unaffected: @contentauth/c2pa-web@0.9.0 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48298",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T23:30:57.988901Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T23:39:12.913Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Rust SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2pa-v0.84.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2pa-v0.85.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Command-Line Tool",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2patool-v0.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2patool-v0.26.65",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials JS SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "@contentauth/c2pa-web@0.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "@contentauth/c2pa-web@0.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAI Content Credentials is affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 6.2,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "NONE",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "LOCAL",
                "modifiedAvailabilityImpact": "HIGH",
                "modifiedConfidentialityImpact": "NONE",
                "modifiedIntegrityImpact": "NONE",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "UNCHANGED",
                "modifiedUserInteraction": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "UNCHANGED",
                "temporalScore": 6.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "Integer Underflow (Wrap or Wraparound) (CWE-191)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T21:42:10.098Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "CAI Content Credentials | Integer Underflow (Wrap or Wraparound) (CWE-191)",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2026-48298",
        "datePublished": "2026-07-14T21:32:54.977Z",
        "dateReserved": "2026-05-21T15:28:38.135Z",
        "dateUpdated": "2026-07-14T23:39:12.913Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48352 (GCVE-0-2026-48352)

    Vulnerability from cvelistv5 – Published: 2026-07-14 21:32 – Updated: 2026-07-14 23:39
    VLAI
    Title
    CAI Content Credentials | Improper Input Validation (CWE-20)
    Summary
    CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation (CWE-20)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Content Credentials Rust SDK Affected: 0 , ≤ c2pa-v0.84.0 (custom)
    Unaffected: c2pa-v0.85.2 (custom)
    Create a notification for this product.
    Adobe Content Credentials Command-Line Tool Affected: 0 , ≤ c2patool-v0.16.5 (custom)
    Unaffected: c2patool-v0.26.65 (custom)
    Create a notification for this product.
    Adobe Content Credentials JS SDK Affected: 0 , ≤ @contentauth/c2pa-web@0.7.0 (custom)
    Unaffected: @contentauth/c2pa-web@0.9.0 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48352",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T23:30:47.863537Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T23:39:13.057Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Rust SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2pa-v0.84.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2pa-v0.85.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Command-Line Tool",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2patool-v0.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2patool-v0.26.65",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials JS SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "@contentauth/c2pa-web@0.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "@contentauth/c2pa-web@0.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 7.5,
                "environmentalSeverity": "HIGH",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "NONE",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "NETWORK",
                "modifiedAvailabilityImpact": "HIGH",
                "modifiedConfidentialityImpact": "NONE",
                "modifiedIntegrityImpact": "NONE",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "UNCHANGED",
                "modifiedUserInteraction": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "UNCHANGED",
                "temporalScore": 7.5,
                "temporalSeverity": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation (CWE-20)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T21:42:09.376Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "CAI Content Credentials | Improper Input Validation (CWE-20)",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2026-48352",
        "datePublished": "2026-07-14T21:32:54.225Z",
        "dateReserved": "2026-05-21T15:28:38.140Z",
        "dateUpdated": "2026-07-14T23:39:13.057Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48353 (GCVE-0-2026-48353)

    Vulnerability from cvelistv5 – Published: 2026-07-14 21:32 – Updated: 2026-07-14 23:39
    VLAI
    Title
    CAI Content Credentials | Improper Input Validation (CWE-20)
    Summary
    CAI Content Credentials is affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation (CWE-20)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Content Credentials Rust SDK Affected: 0 , ≤ c2pa-v0.84.0 (custom)
    Unaffected: c2pa-v0.85.2 (custom)
    Create a notification for this product.
    Adobe Content Credentials Command-Line Tool Affected: 0 , ≤ c2patool-v0.16.5 (custom)
    Unaffected: c2patool-v0.26.65 (custom)
    Create a notification for this product.
    Adobe Content Credentials JS SDK Affected: 0 , ≤ @contentauth/c2pa-web@0.7.0 (custom)
    Unaffected: @contentauth/c2pa-web@0.9.0 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48353",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T23:30:32.962019Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T23:39:13.190Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Rust SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2pa-v0.84.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2pa-v0.85.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials Command-Line Tool",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "c2patool-v0.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "c2patool-v0.26.65",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Content Credentials JS SDK",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "@contentauth/c2pa-web@0.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "@contentauth/c2pa-web@0.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAI Content Credentials is affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT_DEFINED",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "confidentialityRequirement": "NOT_DEFINED",
                "environmentalScore": 5.5,
                "environmentalSeverity": "MEDIUM",
                "exploitCodeMaturity": "NOT_DEFINED",
                "integrityImpact": "NONE",
                "integrityRequirement": "NOT_DEFINED",
                "modifiedAttackComplexity": "LOW",
                "modifiedAttackVector": "LOCAL",
                "modifiedAvailabilityImpact": "NONE",
                "modifiedConfidentialityImpact": "HIGH",
                "modifiedIntegrityImpact": "NONE",
                "modifiedPrivilegesRequired": "NONE",
                "modifiedScope": "UNCHANGED",
                "modifiedUserInteraction": "REQUIRED",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "UNCHANGED",
                "temporalScore": 5.5,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation (CWE-20)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T21:42:11.891Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "CAI Content Credentials | Improper Input Validation (CWE-20)",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2026-48353",
        "datePublished": "2026-07-14T21:32:53.498Z",
        "dateReserved": "2026-05-21T15:28:38.140Z",
        "dateUpdated": "2026-07-14T23:39:13.190Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }