Path Traversal Vulnerability in CAI Content Credentials by Adobe
CVE-2026-34657

5.5MEDIUM

Key Information:

Vendor

Adobe

Vendor
CVE Published:
9 June 2026

What is CVE-2026-34657?

An Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in CAI Content Credentials, affecting versions c2pa-web@0.7.1 and c2pa-v0.80.1 and earlier. This security flaw allows adversaries to potentially write to unauthorized files or directories outside the intended restrictions. Exploitation of this vulnerability necessitates user interaction, requiring the victim to extract a malicious file. Users are advised to remain vigilant and limit interactions with untrusted files to mitigate risks.

Affected Version(s)

CAI Content Credentials 0

References

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.