Path Traversal Vulnerability in CAI Content Credentials by Adobe
CVE-2026-34657
5.5MEDIUM
What is CVE-2026-34657?
An Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in CAI Content Credentials, affecting versions c2pa-web@0.7.1 and c2pa-v0.80.1 and earlier. This security flaw allows adversaries to potentially write to unauthorized files or directories outside the intended restrictions. Exploitation of this vulnerability necessitates user interaction, requiring the victim to extract a malicious file. Users are advised to remain vigilant and limit interactions with untrusted files to mitigate risks.
Affected Version(s)
CAI Content Credentials 0