Lucene search
K

5 matches found

CVE
CVE
added 2026/06/23 6:21 p.m.12 views

CVE-2026-55736

CVE-2026-55736 (Ash project) : A logic flaw in Ash allows end-user input to set private action arguments intended to be server-controlled. In non-atomic paths, private arguments are stripped only when the parameter key is an atom; if the key is a string, the private argument remains controllable ...

5.9CVSS5.8AI score0.00152EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/23 6:21 p.m.40 views

CVE-2026-55736 Private action arguments can be set by user input in Ash

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code. Action arguments declared with public?: false are meant t...

5.9CVSS0.00152EPSS
Exploits0References4
OSV
OSV
added 2026/06/23 6:21 p.m.5 views

EEF-CVE-2026-55736 Private action arguments can be set by user input in Ash

Summary Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code. Action arguments declared with public?: false are...

5.9CVSS5.8AI score0.00152EPSS
Exploits0References4
OSV
OSV
added 2026/06/23 6:21 p.m.3 views

CVE-2026-55736 Private action arguments can be set by user input in Ash

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code. Action arguments declared with public?: false are meant t...

5.9CVSS5.9AI score0.00152EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.14 views

PT-2026-51581

Name of the Vulnerable Software and Affected Versions ash-project ash versions 3.0.0 through 3.29.2 Description An issue exists where users can set the value of a private action argument intended to be controlled exclusively by trusted server-side code. Action arguments declared with public?: fal...

5.9CVSS5.7AI score0.00152EPSS
Exploits0References13
Rows per page
Query Builder