CAI Content Credentials is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
References
| Link | Resource |
|---|---|
| https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
16 Jul 2026, 19:05
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:adobe:c2pa-web:*:*:*:*:*:node.js:*:* | |
| First Time |
Adobe c2pa-web
|
16 Jul 2026, 18:59
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html - Vendor Advisory | |
| First Time |
Apple macos
Adobe c2patool Linux Google android Apple Linux linux Kernel Microsoft Microsoft windows Adobe Adobe c2pa Adobe contentauth\/c2pa-web Apple iphone Os |
|
| CPE | cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* cpe:2.3:o:google:android:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:adobe:contentauth\/c2pa-web:*:*:*:*:*:node.js:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:a:adobe:c2pa:*:*:*:*:*:rust:*:* cpe:2.3:a:adobe:c2patool:*:*:*:*:*:*:*:* |
14 Jul 2026, 22:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-07-14 22:17
Updated : 2026-07-16 19:05
NVD link : CVE-2026-48287
Mitre link : CVE-2026-48287
CVE.ORG link : CVE-2026-48287
JSON object : View
Products Affected
adobe
- c2pa
- c2pa-web
- c2patool
microsoft
- windows
- android
linux
- linux_kernel
apple
- macos
- iphone_os
CWE
CWE-426
Untrusted Search Path
