CISA manage.get.gov insecure portfolio administrative privileges_CVE-2026-43510

7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Description

manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30.

Basic Information

ID CVE-2026-43510

Source cisa-cg

Published May 7, 2026 at 18:50

Affected Product

Vendor CISA

Product manage.get.gov

Affected Versions CISA manage.get.gov 0

CWE Classification

CWE-266

References

{
    "lastseen": "",
    "description": "manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30.",
    "published": "2026-05-07T18:50:56.944Z",
    "modified": "2026-05-07T18:50:56.944Z",
    "type": "cve",
    "title": "CISA manage.get.gov insecure portfolio administrative privileges",
    "source": "cisa-cg",
    "references": "https://github.com/cisagov/manage.get.gov/pull/4900\nhttps://github.com/cisagov/manage.get.gov/releases/tag/v1.176.0\nhttps://github.com/cisagov/manage.get.gov/security/advisories/GHSA-6wrg-x3j6-x464\nhttps://www.cve.org/CVERecord?id=CVE-2026-43510\nhttps://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-121-01.json\nhttps://github.com/cisagov/manage.get.gov/issues/4858",
    "id": "CVE-2026-43510",
    "bulletinFamily": "",
    "cwe": [
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "CISA manage.get.gov 0",
    "sourceHref": "",
    "cvss": {
        "score": 7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "manage.get.gov",
    "version": "0",
    "vendor": "CISA",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}