Path traversal in Content Credentials JS SDK and Content Credentials Rust SDK - CVE-2026-34657
Published: July 15, 2026
Content Credentials JS SDK
Content Credentials Rust SDK
Detailed vulnerability description
The vulnerability allows a remote attacker to perform an arbitrary file system write.
The vulnerability exists due to path traversal in Content Credentials Rust SDK when handling crafted file paths. A remote attacker can trick the victim into opening crafted content to perform an arbitrary file system write.
User interaction is required to open crafted content.