CVE-2026-47904

Analyzed Analyzed - Analysis Complete

CAI Content Credentials Uncontrolled Resource Consumption

Publication date: 2026-06-09

Last updated on: 2026-06-15

Assigner: Adobe Systems Incorporated

Description

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-09

Last Modified

2026-06-15

Generated

2026-06-30

AI Q&A

2026-06-10

EPSS Evaluated

2026-06-28

NVD

CVE-2026-47904

EUVD

EUVD-2026-35848

Affected Vendors & Products

Vendor	Product	Version / Range
adobe	c2pa	to 0.80.1 (inc)
adobe	c2pa-web	to 0.7.1 (inc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-400	The product does not properly control the allocation and maintenance of a limited resource.

Attack-Flow Graph

Executive Summary

This vulnerability affects CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier. It is an Uncontrolled Resource Consumption vulnerability, meaning an attacker can exploit it to consume excessive system resources.

Exploiting this vulnerability can lead to an application denial-of-service condition, where the application becomes unavailable or unresponsive.

Notably, exploitation does not require any user interaction.

Impact Analysis

The primary impact of this vulnerability is that an attacker could cause an application denial-of-service by exhausting system resources.

This means the affected application may become unavailable or stop functioning properly, potentially disrupting services or workflows that depend on it.

Hi! I’m here to help you understand CVE-2026-47904. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70