All 4 CVE vulnerabilities found in ash, with AI-generated Chinese analysis, references, and POCs.
Vendor: ash-project
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-34593 | Ash Framework: Ash.Type.Module.cast_input/2 atom exhaustion via unchecked Module.concat allows BEAM VM crash CWE-400 | 6.5AI | MediumAI | 2026-04-02 |
| CVE-2025-48044 | Authorization bypass when bypass policy condition evaluates to true CWE-863 | 9.8AI | CriticalAI | 2025-10-17 |
| CVE-2025-48043 | Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization CWE-863 | 9.8AI | CriticalAI | 2025-10-10 |
| CVE-2025-48042 | Before action hooks may execute in certain scenarios despite a request being forbidden CWE-863 | 8.8AI | HighAI | 2025-09-07 |
All 4 known CVE vulnerabilities affecting ash with full Chinese analysis, references, and POCs where available.