Description
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code.

Action arguments declared with public?: false are meant to be set internally (for example via Ash.Changeset.set_private_argument/3) and must not be settable from end-user input. When a changeset is built from a parameter map, Ash filters out private arguments, but the filtering is incomplete.

In the regular changeset path (for_create, for_update, for_destroy), private arguments are stripped only when the parameter key is an atom. When the key is a binary (string), as is the case for user-supplied parameters, the private argument is kept and the user controls its value. In the atomic path (Ash.Changeset.fully_atomic_changeset/4, also reached through atomic and bulk updates), private arguments are not stripped at all, regardless of whether the key is an atom or a binary.

An attacker who can submit parameters to an action that defines a private argument can therefore inject a value for that argument. Depending on how the application uses the argument (for example an acting_user_id driving authorization or record ownership), this can lead to an integrity violation or privilege escalation.

This issue affects ash: from 3.0.0 before 3.29.3.
Published: 2026-06-23
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An improper filter in Ash’s changeset constructor allows a user to override private action arguments, which are intended to be set only by trusted server‑side code. When the parameters are supplied as string keys, Ash retains the private arguments instead of stripping them, enabling the attacker to inject arbitrary values. If the application utilizes those arguments for ownership or authorization checks, this can result in integrity violations or privilege escalation.

Affected Systems

The flaw affects applications that use the Ash framework in any Elixir project from version 3.0.0 up to, but not including, 3.29.3. The Ash project is the vendor and the product is the Ash framework, which developers embed to manage changesets and actions.

Risk and Exploitability

The CVSS base score of 5.9 indicates moderate severity. EPSS is currently unavailable and the issue is not listed in CISA’s KEV catalog, lowering the immediate perception of threat. The attack vector requires an attacker to submit crafted parameters to an action that declares a private argument, which is typically feasible when user input is passed directly to an Ash changeset. Successful exploitation can allow unauthorized manipulation of protected data or elevation of privileges within the application.

Generated by OpenCVE AI on June 24, 2026 at 10:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Ash to version 3.29.3 or later to apply the changeset filtering fix.
  • If upgrading is delayed, audit and cleanse all changeset calls so that private arguments are never passed in via user‑supplied maps—delete them or convert parameter keys to atoms before passing them to Ash.
  • Add unit tests or static‑analysis checks that validate private arguments are not exposed through public APIs and that authentication or authorization logic cannot be subverted by external parameters.

Generated by OpenCVE AI on June 24, 2026 at 10:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
Description Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code. Action arguments declared with public?: false are meant to be set internally (for example via Ash.Changeset.set_private_argument/3) and must not be settable from end-user input. When a changeset is built from a parameter map, Ash filters out private arguments, but the filtering is incomplete. In the regular changeset path (for_create, for_update, for_destroy), private arguments are stripped only when the parameter key is an atom. When the key is a binary (string), as is the case for user-supplied parameters, the private argument is kept and the user controls its value. In the atomic path (Ash.Changeset.fully_atomic_changeset/4, also reached through atomic and bulk updates), private arguments are not stripped at all, regardless of whether the key is an atom or a binary. An attacker who can submit parameters to an action that defines a private argument can therefore inject a value for that argument. Depending on how the application uses the argument (for example an acting_user_id driving authorization or record ownership), this can lead to an integrity violation or privilege escalation. This issue affects ash: from 3.0.0 before 3.29.3.
Title Private action arguments can be set by user input in Ash
First Time appeared Ash-project
Ash-project ash
Weaknesses CWE-915
CPEs cpe:2.3:a:ash-project:ash:*:*:*:*:*:*:*:*
Vendors & Products Ash-project
Ash-project ash
References
Metrics cvssV4_0

{'score': 5.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Ash-project Ash
cve-icon MITRE

Status: PUBLISHED

Assigner: EEF

Published:

Updated: 2026-06-23T18:21:13.033Z

Reserved: 2026-06-17T10:44:34.365Z

Link: CVE-2026-55736

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T10:15:05Z

Weaknesses
  • CWE-915

    Improperly Controlled Modification of Dynamically-Determined Object Attributes