CVE-2026-48287

CAI Content Credentials is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:adobe:c2pa:*:*:*:*:*:rust:*:*
cpe:2.3:a:adobe:c2pa-web:*:*:*:*:*:node.js:*:*
cpe:2.3:a:adobe:c2patool:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

16 Jul 2026, 19:05

Type Values Removed Values Added
CPE cpe:2.3:a:adobe:contentauth\/c2pa-web:*:*:*:*:*:node.js:*:* cpe:2.3:a:adobe:c2pa-web:*:*:*:*:*:node.js:*:*
First Time Adobe c2pa-web

16 Jul 2026, 18:59

Type Values Removed Values Added
References () https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html - () https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html - Vendor Advisory
First Time Apple macos
Adobe c2patool
Google
Linux
Google android
Apple
Linux linux Kernel
Microsoft
Microsoft windows
Adobe
Adobe c2pa
Adobe contentauth\/c2pa-web
Apple iphone Os
CPE cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:a:adobe:contentauth\/c2pa-web:*:*:*:*:*:node.js:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:a:adobe:c2pa:*:*:*:*:*:rust:*:*
cpe:2.3:a:adobe:c2patool:*:*:*:*:*:*:*:*

14 Jul 2026, 22:17

Type Values Removed Values Added
New CVE

Information

Published : 2026-07-14 22:17

Updated : 2026-07-16 19:05


NVD link : CVE-2026-48287

Mitre link : CVE-2026-48287

CVE.ORG link : CVE-2026-48287


JSON object : View

Products Affected

adobe

  • c2pa
  • c2pa-web
  • c2patool

microsoft

  • windows

google

  • android

linux

  • linux_kernel

apple

  • macos
  • iphone_os
CWE
CWE-426

Untrusted Search Path