CVE-2026-48295

CAI Content Credentials is affected by an Insufficiently Protected Credentials vulnerability that could result in disclosure of sensitive information. An attacker could leverage this vulnerability to gain unauthorized read access. Exploitation of this issue does not require user interaction.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:adobe:c2pa:*:*:*:*:*:rust:*:*
cpe:2.3:a:adobe:c2pa-web:*:*:*:*:*:node.js:*:*
cpe:2.3:a:adobe:c2patool:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

16 Jul 2026, 19:03

Type Values Removed Values Added
First Time Apple macos
Adobe c2patool
Google
Linux
Google android
Apple
Linux linux Kernel
Microsoft windows
Adobe
Adobe c2pa
Microsoft
Adobe c2pa-web
Apple iphone Os
CPE cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:a:adobe:c2pa-web:*:*:*:*:*:node.js:*:*
cpe:2.3:a:adobe:c2pa:*:*:*:*:*:rust:*:*
cpe:2.3:a:adobe:c2patool:*:*:*:*:*:*:*:*
References () https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html - () https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html - Vendor Advisory

14 Jul 2026, 22:17

Type Values Removed Values Added
New CVE

Information

Published : 2026-07-14 22:17

Updated : 2026-07-16 19:03


NVD link : CVE-2026-48295

Mitre link : CVE-2026-48295

CVE.ORG link : CVE-2026-48295


JSON object : View

Products Affected

adobe

  • c2pa
  • c2pa-web
  • c2patool

microsoft

  • windows

google

  • android

linux

  • linux_kernel

apple

  • macos
  • iphone_os
CWE
CWE-522

Insufficiently Protected Credentials