CVE-2026-34657
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk7th percentile - higher than 7% of all known CVEs
Summary
CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by a 'Path Traversal' vulnerability that allows arbitrary file system writes. An attacker could exploit this vulnerability to write to unauthorized files or directories outside of intended restrictions.
Risk Assessment
The organization may be exposed to unauthorized data access and potential deletion or modification of critical files. User interaction is required, which increases the risk when opening malicious files.
Recommendation
It is recommended to update to the latest version of CAI Content Credentials to mitigate this vulnerability. Additionally, users should be educated about the risks associated with opening unknown files.
Original NVD description (English source)
CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in an arbitrary file system write. An attacker could leverage this vulnerability to write to unauthorized files or directories outside of intended restrictions. Exploitation of this issue requires user interaction in that a victim must extract a maliciously crafted file.

