Domain Management Privilege Escalation in CISA's .gov Registrar
CVE-2026-43510

7 HIGH

Key Information:

Vendor: CISA
CVE Published: 7 May 2026

What is CVE-2026-43510?

The .gov TLD registrar, managed by CISA, had a privilege escalation vulnerability that allowed organization administrators to assign domain manager privileges for domains not already associated with another organization. Unauthorized users could potentially use this to gain control over those domains, affecting their security and management. The issue was fixed in version 1.176.0, released on or around April 30, 2026. Users are advised to update to the latest version to ensure their domain management processes remain secure.

Affected Version(s)

manage.get.gov 0 < 1.176.0

manage.get.gov 1.176.0

CVSS V4

Score: 7
Severity: HIGH
Confidentiality: None
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

bn-omran (@scofaild23)