CAI Content Credentials | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
CVE-2026-34657

5.5MEDIUM

Key Information:

Vendor: Adobe
Status: Cai Content Credentials
Vendor: CVE Published:; 9 June 2026

What is CVE-2026-34657?

CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in an arbitrary file system write. An attacker could leverage this vulnerability to write to unauthorized files or directories outside of intended restrictions. Exploitation of this issue requires user interaction in that a victim must extract a maliciously crafted file.

Affected Version(s)

CAI Content Credentials 0

References

https://helpx.adobe.com/security/products/content-authent...

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2026
Vulnerability Reserved
Mar 30, 2026

CVE-2026-34657 Data

JSON

Adobe

What is CVE-2026-34657?

Affected Version(s)

References

CVSS V3.1

Timeline