Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-48312— CAI Content Credentials | Improper Input Validation (CWE-20)

CVSS 6.8 · Medium EPSS 0.16% · P6

Possible ATT&CK Techniques 1AI

T1190 · Exploit Public-Facing Application

Affected Version Matrix 6

VendorProductVersion RangeStatus
AdobeContent Credentials Command-Line Tool≤ c2patool-v0.16.5affected
c2patool-v0.26.65unaffected
AdobeContent Credentials JS SDK≤ @contentauth/c2pa-web@0.7.0affected
@contentauth/c2pa-web@0.9.0unaffected
AdobeContent Credentials Rust SDK≤ c2pa-v0.84.0affected
c2pa-v0.85.2unaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-48312

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
CAI Content Credentials | Improper Input Validation (CWE-20)
Source: NVD (National Vulnerability Database)
Vulnerability Description
CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Adobe CAI Content Credentials 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Adobe CAI Content Credentials是美国Adobe公司的数字内容凭证系统。 Adobe CAI Content Credentials存在输入验证错误漏洞,该漏洞源于输入验证不当,可能导致安全功能绕过,攻击者可利用此漏洞绕过安全措施并获得未经授权的写入权限。以下版本受到影响:c2pa-v0.84.0及之前版本、c2patool-v0.16.5及之前版本和@contentauth/c2pa-web@0.7.0及之前版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
AdobeContent Credentials Rust SDK 0 ~ c2pa-v0.84.0 -
AdobeContent Credentials Command-Line Tool 0 ~ c2patool-v0.16.5 -
AdobeContent Credentials JS SDK 0 ~ @contentauth/c2pa-web@0.7.0 -

II. Public POCs for CVE-2026-48312

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-48312

登录查看更多情报信息。

Vendor Advisories for CVE-2026-48312 (1)

Same Patch Batch · Adobe · 2026-07-14 · 88 CVEs total

CVE-2026-483189.9 CRITICALColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'
CVE-2026-482849.6 CRITICALColdFusion | Improper Input Validation (CWE-20)
CVE-2026-483229.6 CRITICALColdFusion | Improper Control of Generation of Code ('Code Injection') (CWE-94)
CVE-2026-483569.6 CRITICALAdobe Commerce | Unrestricted Upload of File with Dangerous Type (CWE-434)
CVE-2026-483599.6 CRITICALAdobe Experience Manager | Improper Restriction of XML External Entity Reference ('XXE') (
CVE-2026-482599.6 CRITICALAdobe Experience Manager | Server-Side Request Forgery (SSRF) (CWE-918)
CVE-2026-483259.3 CRITICALColdFusion | Missing Authentication for Critical Function (CWE-306)
CVE-2026-483219.3 CRITICALColdFusion | Incorrect Authorization (CWE-863)
CVE-2026-483349.3 CRITICALIllustrator | Improper Input Validation (CWE-20)
CVE-2026-483589.1 CRITICALAdobe Commerce | Improper Encoding or Escaping of Output (CWE-116)
CVE-2026-483249.1 CRITICALColdFusion | Improper Neutralization of Special Elements used in an SQL Command ('SQL Inje
CVE-2026-483199.1 CRITICALColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'
CVE-2026-483279.0 CRITICALColdFusion | Incorrect Authorization (CWE-863)
CVE-2026-479948.7 HIGHAdobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2026-482758.6 HIGHIllustrator | Untrusted Search Path (CWE-426)
CVE-2026-483508.6 HIGHAnimate | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (
CVE-2026-479888.6 HIGHAdobe Commerce | Incorrect Authorization (CWE-863)
CVE-2026-482528.6 HIGHAdobe Experience Manager | Missing Authentication for Critical Function (CWE-306)
CVE-2026-483108.6 HIGHAdobe Experience Manager | Improper Limitation of a Pathname to a Restricted Directory ('P
CVE-2026-483208.5 HIGHColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79)

Showing top 20 of 88 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

V. Comments for CVE-2026-48312

No comments yet


Leave a comment