CVE-2026-34657
5.5 MEDIUMCAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restr...
Published: 2026-06-09 · Last updated: 2026-06-09
Severity and scoring
- CVSS
- 5.5 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
- CWE
- CWE-22
Description
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in an arbitrary file system write. An attacker could leverage this vulnerability to write to unauthorized files or directories outside of intended restrictions. Exploitation of this issue requires user interaction in that a victim must extract a maliciously crafted file.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-24717 — A path traversal vulnerability has been reported to affect several QNAP operating system versions
- CVE-2025-62851 — A path traversal vulnerability has been reported to affect License Center
- CVE-2026-46491 — SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module (8.6 HIGH)
- CVE-2026-44716 — Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents (7.5 HIGH)
- CVE-2026-47932 — ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Tra... (8.8 HIGH)