CVE-2026-48295
HIGH
7.5
CVSS 3.1
Description
CAI Content Credentials is affected by an Insufficiently Protected Credentials vulnerability that could result in disclosure of sensitive information. An attacker could leverage this vulnerability to gain unauthorized read access. Exploitation of this issue does not require user interaction.
Metadata
Severity & Metrics
7.5
HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
SSVC — CISA Coordinator
Affected products (3)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Adobe | Content Credentials Command-Line Tool | — | 0 ≤ c2patool-v0.16.5, c2patool-v0.26.65 |
| Adobe | Content Credentials JS SDK | — | 0 ≤ @contentauth/c2pa-web@0.7.0, @contentauth/c2pa-web@0.9.0 |
| Adobe | Content Credentials Rust SDK | — | 0 ≤ c2pa-v0.84.0, c2pa-v0.85.2 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-522 | cna | Insufficiently Protected Credentials (CWE-522) |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 7.5 | HIGH | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |