Improper Input Validation in CAI Content Credentials from Adobe
CVE-2026-48353

5.5MEDIUM

What is CVE-2026-48353?

CAI Content Credentials by Adobe is susceptible to an improper input validation issue that can allow attackers to read arbitrary files from the file system. This vulnerability could potentially expose sensitive information and directories beyond the authorized access limits. The exploitation of this vulnerability necessitates user interaction; specifically, a victim must open a maliciously crafted file for an attacker to gain unauthorized access.

Affected Version(s)

Content Credentials Command-Line Tool 0

Content Credentials Command-Line Tool 0

Content Credentials JS SDK 0

References

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.