{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2026-55736", "assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "state": "PUBLISHED", "assignerShortName": "EEF", "dateReserved": "2026-06-17T10:44:34.365Z", "datePublished": "2026-06-23T18:21:13.033Z", "dateUpdated": "2026-07-10T04:34:23.070Z" }, "containers": { "cna": { "affected": [ { "collectionURL": "https://repo.hex.pm", "cpes": [ "cpe:2.3:a:ash-project:ash:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "modules": [ "'Elixir.Ash.Changeset'" ], "packageName": "ash", "packageURL": "pkg:hex/ash", "product": "ash", "programFiles": [ "lib/ash/changeset/changeset.ex" ], "programRoutines": [ { "name": "'Elixir.Ash.Changeset':cast_params/4" }, { "name": "'Elixir.Ash.Changeset':get_action_argument/2" }, { "name": "'Elixir.Ash.Changeset':atomic_params/4" }, { "name": "'Elixir.Ash.Changeset':has_argument?/2" } ], "repo": "https://github.com/ash-project/ash", "vendor": "ash-project", "versions": [ { "lessThan": "3.29.3", "status": "affected", "version": "3.0.0", "versionType": "semver" } ] }, { "collectionURL": "https://github.com", "cpes": [ "cpe:2.3:a:ash-project:ash:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "modules": [ "'Elixir.Ash.Changeset'" ], "packageName": "ash-project/ash", "packageURL": "pkg:github/ash-project/ash", "product": "ash", "programFiles": [ "lib/ash/changeset/changeset.ex" ], "programRoutines": [ { "name": "'Elixir.Ash.Changeset':cast_params/4" }, { "name": "'Elixir.Ash.Changeset':get_action_argument/2" }, { "name": "'Elixir.Ash.Changeset':atomic_params/4" }, { "name": "'Elixir.Ash.Changeset':has_argument?/2" } ], "repo": "https://github.com/ash-project/ash", "vendor": "ash-project", "versions": [ { "lessThan": "d9b3100219b3ea86d73202bf7368c03a7688efea", "status": "affected", "version": "5967ed3a483ab949866e6d7b043b043e61703f17", "versionType": "git" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "
An action must declare a private argument (one defined with public?: false) whose value is meant to be set only by trusted server-side code, and the application must build the changeset from untrusted user-supplied parameters, passing them straight into Ash.Changeset.for_create/3, for_update/3, for_destroy/3, or into an atomic or bulk update.
" } ], "value": "An action must declare a private argument (one defined with public?: false) whose value is meant to be set only by trusted server-side code, and the application must build the changeset from untrusted user-supplied parameters, passing them straight into Ash.Changeset.for_create/3, for_update/3, for_destroy/3, or into an atomic or bulk update." } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ash-project:ash:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.29.3", "versionStartIncluding": "3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "credits": [ { "lang": "en", "type": "finder", "value": "Alfred Vié" }, { "lang": "en", "type": "remediation reviewer", "value": "Zach Daniel" }, { "lang": "en", "type": "analyst", "value": "Jonatan Männchen / EEF" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code.Action arguments declared with public?: false are meant to be set internally (for example via Ash.Changeset.set_private_argument/3) and must not be settable from end-user input. When a changeset is built from a parameter map, Ash filters out private arguments, but the filtering is incomplete.
In the regular changeset path (for_create, for_update, for_destroy), private arguments are stripped only when the parameter key is an atom. When the key is a binary (string), as is the case for user-supplied parameters, the private argument is kept and the user controls its value. In the atomic path (Ash.Changeset.fully_atomic_changeset/4, also reached through atomic and bulk updates), private arguments are not stripped at all, regardless of whether the key is an atom or a binary.
An attacker who can submit parameters to an action that defines a private argument can therefore inject a value for that argument. Depending on how the application uses the argument (for example an acting_user_id driving authorization or record ownership), this can lead to an integrity violation or privilege escalation.
This issue affects ash: from 3.0.0 before 3.29.3.
" } ], "value": "Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code.\n\nAction arguments declared with public?: false are meant to be set internally (for example via Ash.Changeset.set_private_argument/3) and must not be settable from end-user input. When a changeset is built from a parameter map, Ash filters out private arguments, but the filtering is incomplete.\n\nIn the regular changeset path (for_create, for_update, for_destroy), private arguments are stripped only when the parameter key is an atom. When the key is a binary (string), as is the case for user-supplied parameters, the private argument is kept and the user controls its value. In the atomic path (Ash.Changeset.fully_atomic_changeset/4, also reached through atomic and bulk updates), private arguments are not stripped at all, regardless of whether the key is an atom or a binary.\n\nAn attacker who can submit parameters to an action that defines a private argument can therefore inject a value for that argument. Depending on how the application uses the argument (for example an acting_user_id driving authorization or record ownership), this can lead to an integrity violation or privilege escalation.\n\nThis issue affects ash: from 3.0.0 before 3.29.3." } ], "impacts": [ { "capecId": "CAPEC-77", "descriptions": [ { "lang": "en", "value": "CAPEC-77 Manipulating User-Controlled Variables" } ] } ], "metrics": [ { "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.9, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-915", "description": "CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db", "shortName": "EEF", "dateUpdated": "2026-07-10T04:34:23.070Z" }, "references": [ { "tags": [ "vendor-advisory", "related" ], "url": "https://github.com/ash-project/ash/security/advisories/GHSA-f4hc-ppw9-4hhw" }, { "tags": [ "related" ], "url": "https://cna.erlef.org/cves/CVE-2026-55736.html" }, { "tags": [ "related" ], "url": "https://osv.dev/vulnerability/EEF-CVE-2026-55736" }, { "tags": [ "patch" ], "url": "https://github.com/ash-project/ash/commit/d9b3100219b3ea86d73202bf7368c03a7688efea" } ], "source": { "discovery": "EXTERNAL" }, "title": "Private action arguments can be set by user input in Ash", "x_generator": { "engine": "cvelib 1.8.0" } }, "adp": [ { "references": [ { "url": "https://github.com/ash-project/ash/security/advisories/GHSA-f4hc-ppw9-4hhw", "tags": [ "exploit" ] } ], "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2026-07-09T14:53:04.134939Z", "id": "CVE-2026-55736", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-07-09T14:53:33.529Z" } } ] } }