{"affected":[{"package":{"ecosystem":"Hex","name":"ash","purl":"pkg:hex/ash"},"ranges":[{"events":[{"introduced":"3.0.0"},{"fixed":"3.29.3"}],"type":"SEMVER"}],"versions":["3.0.0","3.0.1","3.0.2","3.0.3","3.0.4","3.0.5","3.0.6","3.0.7","3.0.8","3.0.9","3.0.10","3.0.11","3.0.12","3.0.13","3.0.14","3.0.15","3.0.16","3.1.0","3.1.1","3.1.2","3.1.3","3.1.4","3.1.5","3.1.6","3.1.7","3.1.8","3.2.0","3.2.1","3.2.2","3.2.3","3.2.4","3.2.5","3.2.6","3.3.0","3.3.1","3.3.2","3.3.3","3.4.0","3.4.1","3.4.2","3.4.3","3.4.4","3.4.5","3.4.6","3.4.7","3.4.8","3.4.9","3.4.10","3.4.11","3.4.12","3.4.13","3.4.14","3.4.15","3.4.16","3.4.17","3.4.18","3.4.19","3.4.20","3.4.21","3.4.22","3.4.23","3.4.24","3.4.25","3.4.26","3.4.27","3.4.28","3.4.29","3.4.30","3.4.31","3.4.32","3.4.33","3.4.34","3.4.35","3.4.36","3.4.37","3.4.38","3.4.39","3.4.40","3.4.41","3.4.42","3.4.43","3.4.44","3.4.45","3.4.46","3.4.47","3.4.48","3.4.49","3.4.50","3.4.51","3.4.52","3.4.53","3.4.54","3.4.55","3.4.56","3.4.57","3.4.58","3.4.59","3.4.60","3.4.61","3.4.62","3.4.63","3.4.64","3.4.65","3.4.66","3.4.67","3.4.68","3.4.69","3.4.70","3.4.71","3.4.72","3.4.73","3.4.74","3.5.0","3.5.1","3.5.2","3.5.3","3.5.4","3.5.5","3.5.6","3.5.7","3.5.8","3.5.9","3.5.10","3.5.11","3.5.12","3.5.13","3.5.14","3.5.15","3.5.16","3.5.17","3.5.18","3.5.19","3.5.20","3.5.21","3.5.22","3.5.23","3.5.24","3.5.25","3.5.26","3.5.27","3.5.28","3.5.29","3.5.30","3.5.31","3.5.32","3.5.33","3.5.34","3.5.35","3.5.36","3.5.37","3.5.38","3.5.39","3.5.40","3.5.41","3.5.42","3.5.43","3.6.0","3.6.1","3.6.2","3.6.3","3.7.0","3.7.1","3.7.2","3.7.3","3.7.4","3.7.5","3.7.6","3.8.0","3.9.0","3.10.0","3.10.1","3.11.0","3.11.1","3.11.2","3.11.3","3.12.0","3.13.0","3.13.1","3.13.2","3.14.0","3.14.1","3.15.0","3.16.0","3.17.0","3.17.1","3.18.0","3.19.0","3.19.1","3.19.2","3.19.3","3.20.0","3.21.0","3.21.1","3.21.2","3.21.3","3.22.0","3.22.1","3.22.2","3.23.0","3.23.1","3.24.0","3.24.1","3.24.2","3.24.3","3.24.4","3.24.5","3.24.6","3.24.7","3.25.0","3.25.1","3.25.2","3.26.0","3.27.0","3.27.1","3.27.2","3.27.3","3.27.4","3.27.5","3.27.6","3.27.7","3.27.8","3.28.0","3.29.0","3.29.1","3.29.2"]},{"ranges":[{"events":[{"introduced":"5967ed3a483ab949866e6d7b043b043e61703f17"},{"fixed":"d9b3100219b3ea86d73202bf7368c03a7688efea"}],"repo":"https://github.com/ash-project/ash","type":"GIT"}]}],"aliases":["GHSA-f4hc-ppw9-4hhw","CVE-2026-55736"],"credits":[{"name":"Alfred Vié","type":"FINDER"},{"name":"Zach Daniel","type":"REMEDIATION_REVIEWER"},{"name":"Jonatan Männchen / EEF","type":"ANALYST"}],"database_specific":{"capec_ids":["CAPEC-77"],"cpe_ids":["cpe:2.3:a:ash-project:ash:*:*:*:*:*:*:*:*"],"cwe_ids":["CWE-915"]},"details":"## Summary\n\nImproperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code.\n\nAction arguments declared with public?: false are meant to be set internally (for example via Ash.Changeset.set\\_private\\_argument/3) and must not be settable from end-user input. When a changeset is built from a parameter map, Ash filters out private arguments, but the filtering is incomplete.\n\nIn the regular changeset path (for\\_create, for\\_update, for\\_destroy), private arguments are stripped only when the parameter key is an atom. When the key is a binary (string), as is the case for user-supplied parameters, the private argument is kept and the user controls its value. In the atomic path (Ash.Changeset.fully\\_atomic\\_changeset/4, also reached through atomic and bulk updates), private arguments are not stripped at all, regardless of whether the key is an atom or a binary.\n\nAn attacker who can submit parameters to an action that defines a private argument can therefore inject a value for that argument. Depending on how the application uses the argument (for example an acting\\_user\\_id driving authorization or record ownership), this can lead to an integrity violation or privilege escalation.\n\nThis issue affects ash: from 3.0.0 before 3.29.3.\n\n## Configuration\n\nAn action must declare a private argument (one defined with public?: false) whose value is meant to be set only by trusted server-side code, and the application must build the changeset from untrusted user-supplied parameters, passing them straight into Ash.Changeset.for\\_create/3, for\\_update/3, for\\_destroy/3, or into an atomic or bulk update.","id":"EEF-CVE-2026-55736","modified":"2026-06-23T18:21:13.033Z","published":"2026-06-23T18:21:13.033Z","references":[{"type":"ADVISORY","url":"https://github.com/ash-project/ash/security/advisories/GHSA-f4hc-ppw9-4hhw"},{"type":"WEB","url":"https://cna.erlef.org/cves/CVE-2026-55736.html"},{"type":"FIX","url":"https://github.com/ash-project/ash/commit/d9b3100219b3ea86d73202bf7368c03a7688efea"},{"type":"PACKAGE","url":"https://hex.pm/packages/ash"}],"related":[],"schema_version":"1.7.3","severity":[{"score":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N","type":"CVSS_V4"}],"summary":"Private action arguments can be set by user input in Ash","upstream":[]}