Vulnerability in Adobe Content Credentials Command-line Tool
CVE-2026-48295
CAI Content Credentials is affected by an Insufficiently Protected Credentials vulnerability that could result in disclosure of sensitive information. An attacker could leverage this vulnerability to gain unauthorized read access. Exploita…
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Adobe Content Credentials Command-line Tool — versions 0, c2patool-v0.26.65
- Adobe Content Credentials Js Sdk — versions 0, @contentauth/c2pa-web@0.9.0
- Adobe Content Credentials Rust Sdk — versions 0, c2pa-v0.85.2
Weakness classification (CWE)
References
- psirt@adobe.com (vendor-advisory)
Frequently asked questions
- What is CVE-2026-48295?
- CVE-2026-48295 is a high-severity vulnerability in Adobe Content Credentials Command-line Tool, classified under Insufficiently Protected Credentials. CVSS score: 7.5/10. Published 2026-07-14.
- How severe is CVE-2026-48295?
- High severity. CVSS v3 base score is 7.5 out of 10.