Vulnerability in Ash-project Ash

CVE-2026-55736

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code…

Vulnerability class: Mass Assignment

Affected products

Ash-project Ash — versions 3.0.0, 5967ed3a483ab949866e6d7b043b043e61703f17

Weakness classification (CWE)

CWE-915 — Improperly Controlled Modification of Dynamically-Determined Object Attributes

References

6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related, vendor-advisory)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)