CVE-2026-43510

Published: May 7, 2026Modified: May 7, 2026

7.0

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: 9119a7d8-5eab-497f-8521-727c672e3725 (Secondary)

Description

manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30.

Related CWEs

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

References (6)

https://github.com/cisagov/manage.get.gov/issues/4858

Source: 9119a7d8-5eab-497f-8521-727c672e3725

https://github.com/cisagov/manage.get.gov/pull/4900

Source: 9119a7d8-5eab-497f-8521-727c672e3725

https://github.com/cisagov/manage.get.gov/releases/tag/v1.176.0

Source: 9119a7d8-5eab-497f-8521-727c672e3725

https://github.com/cisagov/manage.get.gov/security/advisories/GHSA-6wrg-x3j6-x464

Source: 9119a7d8-5eab-497f-8521-727c672e3725

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-121-01.json

Source: 9119a7d8-5eab-497f-8521-727c672e3725

https://www.cve.org/CVERecord?id=CVE-2026-43510

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Timeline

No history available yet.