CVE-2026-43510

EUVD-2026-28434
manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.6 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Common Weakness Enumeration
References
https://github.com/cisagov/manage.get.gov/issues/4858
https://github.com/cisagov/manage.get.gov/pull/4900
https://github.com/cisagov/manage.get.gov/releases/tag/v1.176.0
https://github.com/cisagov/manage.get.gov/security/advisories/GHSA-6wrg-x3j6-x464
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-121-01.json
https://www.cve.org/CVERecord?id=CVE-2026-43510