CVE-2026-43510 | THREATINT

Description

manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30.

PUBLISHED Reserved 2026-05-01 | Published 2026-05-07 | Updated 2026-05-08 | Assigner cisa-cg

HIGH: 7.0CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

HIGH: 7.6CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H

Problem types

CWE-266 Incorrect Privilege Assignment

Product status

Default status

unknown

1.92.0 (custom) before 1.176.0

affected

1.176.0

unaffected

Credits

bn-omran (@scofaild23)

References

github.com/cisagov/manage.get.gov/pull/4900 (url) patch

github.com/cisagov/manage.get.gov/releases/tag/v1.176.0 (url) release-notes

github.com/...et.gov/security/advisories/GHSA-6wrg-x3j6-x464 (url) vendor-advisory

www.cve.org/CVERecord?id=CVE-2026-43510 (url) vdb-entry

raw.githubusercontent.com/...IT/white/2026/va-26-121-01.json (url) government-resource third-party-advisory

github.com/cisagov/manage.get.gov/issues/4858 (url) issue-tracking

cve.org (CVE-2026-43510)

nvd.nist.gov (CVE-2026-43510)

Download JSON