CVE-2026-34657

CVE Database · CVE-2026-34657

CVE-2026-34657

· MEDIUMAnalyzed

CVSS v3.1

5.5

EPSS

0.17%

Published

Jun 9, 2026

Modified

Jun 15, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in an arbitrary file system write. An attacker could leverage this vulnerability to write to unauthorized files or directories outside of intended restrictions. Exploitation of this issue requires user interaction in that a victim must extract a maliciously crafted file.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Weaknesses (CWE)

CWE-22

Affected Products (7)

adobe · c2pavulnerable

adobe · c2pa-webvulnerable

apple · iphone_os

apple · macos

google · android

linux · linux_kernel

microsoft · windows

References (1)

https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-61.html

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs