Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-48352— CAI Content Credentials | Improper Input Validation (CWE-20)

CVSS 7.5 · High EPSS 0.41% · P33

Affected Version Matrix 6

VendorProductVersion RangeStatus
AdobeContent Credentials Command-Line Tool≤ c2patool-v0.16.5affected
c2patool-v0.26.65unaffected
AdobeContent Credentials JS SDK≤ @contentauth/c2pa-web@0.7.0affected
@contentauth/c2pa-web@0.9.0unaffected
AdobeContent Credentials Rust SDK≤ c2pa-v0.84.0affected
c2pa-v0.85.2unaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-48352

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
CAI Content Credentials | Improper Input Validation (CWE-20)
Source: NVD (National Vulnerability Database)
Vulnerability Description
CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Adobe Content Credentials Rust SDK 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Adobe Content Credentials Rust SDK是美国Adobe公司的一款内容凭证软件工具包。 Adobe Content Credentials Rust SDK c2pa-v0.84.0及之前版本存在输入验证错误漏洞,该漏洞源于输入验证错误,可能导致应用程序拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
AdobeContent Credentials Rust SDK 0 ~ c2pa-v0.84.0 -
AdobeContent Credentials Command-Line Tool 0 ~ c2patool-v0.16.5 -
AdobeContent Credentials JS SDK 0 ~ @contentauth/c2pa-web@0.7.0 -

II. Public POCs for CVE-2026-48352

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-48352

登录查看更多情报信息。

Vendor Advisories for CVE-2026-48352 (1)

Same Patch Batch · Adobe · 2026-07-14 · 88 CVEs total

CVE-2026-483189.9 CRITICALColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'
CVE-2026-482849.6 CRITICALColdFusion | Improper Input Validation (CWE-20)
CVE-2026-483229.6 CRITICALColdFusion | Improper Control of Generation of Code ('Code Injection') (CWE-94)
CVE-2026-483569.6 CRITICALAdobe Commerce | Unrestricted Upload of File with Dangerous Type (CWE-434)
CVE-2026-483599.6 CRITICALAdobe Experience Manager | Improper Restriction of XML External Entity Reference ('XXE') (
CVE-2026-482599.6 CRITICALAdobe Experience Manager | Server-Side Request Forgery (SSRF) (CWE-918)
CVE-2026-483259.3 CRITICALColdFusion | Missing Authentication for Critical Function (CWE-306)
CVE-2026-483219.3 CRITICALColdFusion | Incorrect Authorization (CWE-863)
CVE-2026-483349.3 CRITICALIllustrator | Improper Input Validation (CWE-20)
CVE-2026-483589.1 CRITICALAdobe Commerce | Improper Encoding or Escaping of Output (CWE-116)
CVE-2026-483249.1 CRITICALColdFusion | Improper Neutralization of Special Elements used in an SQL Command ('SQL Inje
CVE-2026-483199.1 CRITICALColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'
CVE-2026-483279.0 CRITICALColdFusion | Incorrect Authorization (CWE-863)
CVE-2026-479948.7 HIGHAdobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2026-482758.6 HIGHIllustrator | Untrusted Search Path (CWE-426)
CVE-2026-483508.6 HIGHAnimate | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (
CVE-2026-479888.6 HIGHAdobe Commerce | Incorrect Authorization (CWE-863)
CVE-2026-482528.6 HIGHAdobe Experience Manager | Missing Authentication for Critical Function (CWE-306)
CVE-2026-483108.6 HIGHAdobe Experience Manager | Improper Limitation of a Pathname to a Restricted Directory ('P
CVE-2026-483208.5 HIGHColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79)

Showing top 20 of 88 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

V. Comments for CVE-2026-48352

No comments yet


Leave a comment