CVE-2026-34657
MEDIUMCAI Content Credentials | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Title source: cnaDescription
CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in an arbitrary file system write. An attacker could leverage this vulnerability to write to unauthorized files or directories outside of intended restrictions. Exploitation of this issue requires user interaction in that a victim must extract a maliciously crafted file.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-61.html
Scores
CVSS v3
5.5
EPSS
0.0017
EPSS Percentile
6.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (3)
adobe/c2pa
< 0.80.1
adobe/c2pa-web
< 0.7.1
Adobe/CAI Content Credentials
< c2pa-v0.80.1
Published
Jun 09, 2026
Tracked Since
Jun 10, 2026