CVE Catalog

CVE-2026-34657

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile - higher than 7% of all known CVEs

Summary

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by a 'Path Traversal' vulnerability that allows arbitrary file system writes. An attacker could exploit this vulnerability to write to unauthorized files or directories outside of intended restrictions.

Risk Assessment

The organization may be exposed to unauthorized data access and potential deletion or modification of critical files. User interaction is required, which increases the risk when opening malicious files.

Recommendation

It is recommended to update to the latest version of CAI Content Credentials to mitigate this vulnerability. Additionally, users should be educated about the risks associated with opening unknown files.

Original NVD description (English source)

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in an arbitrary file system write. An attacker could leverage this vulnerability to write to unauthorized files or directories outside of intended restrictions. Exploitation of this issue requires user interaction in that a victim must extract a maliciously crafted file.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS