CVE-2026-43510
HIGH
7,0
Source: 9119a7d8-5eab-497f-8521-727c672e3725
Attack Vector: network
Attack Complexity: low
Privileges Required: high
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
HIGH
7,6
Source: 9119a7d8-5eab-497f-8521-727c672e3725
Attack Vector: network
Attack Complexity: low
Privileges Required: high
User Interaction: none
Scope: changed
Confidentiality: none
Integrity: low
Availability: high
Description
AI Translation Available
manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0005
Percentile
0,2th
Updated
Single Data Point
Only one EPSS measurement is available for this CVE. Trend analysis requires multiple data points over time.
266
Incorrect Privilege Assignment
DraftCommon Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Gain Privileges Or Assume Identity
Applicable Platforms
All platforms may be affected
https://github.com/cisagov/manage.get.gov/issues/4858
https://github.com/cisagov/manage.get.gov/pull/4900
https://github.com/cisagov/manage.get.gov/releases/tag/v1.176.0
https://github.com/cisagov/manage.get.gov/security/advisories/GHSA-6wrg-x3j6-x4…
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026…
https://www.cve.org/CVERecord?id=CVE-2026-43510