Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for manage.get.gov by CISA

    CVE-2026-43510 (GCVE-0-2026-43510)

    Vulnerability from nvd – Published: 2026-05-07 18:50 – Updated: 2026-06-25 16:02
    VLAI
    Title
    CISA manage.get.gov insecure portfolio administrative privileges
    Summary
    manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    Impacted products
    Vendor Product Version
    CISA manage.get.gov Affected: 1.92.0 , < 1.176.0 (custom)
    Unaffected: 1.176.0
    Create a notification for this product.
    Date Public
    2026-04-24 00:00
    Credits
    bn-omran (@scofaild23)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-43510",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-10T14:54:16.440795Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-10T14:54:27.426Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "manage.get.gov",
              "vendor": "CISA",
              "versions": [
                {
                  "lessThan": "1.176.0",
                  "status": "affected",
                  "version": "1.92.0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.176.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "bn-omran (@scofaild23)"
            }
          ],
          "datePublic": "2026-04-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW"
              }
            },
            {
              "other": {
                "content": {
                  "id": "CVE-2026-43510",
                  "options": [
                    {
                      "Exploitation": "none"
                    },
                    {
                      "Automatable": "no"
                    },
                    {
                      "Technical Impact": "partial"
                    }
                  ],
                  "role": "CISA Coordinator",
                  "timestamp": "2026-05-04T21:02:15.750389Z",
                  "version": "2.0.3"
                },
                "type": "ssvc"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "CWE-266 Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-25T16:02:13.965Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "name": "url",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/cisagov/manage.get.gov/pull/4900"
            },
            {
              "name": "url",
              "tags": [
                "release-notes"
              ],
              "url": "https://github.com/cisagov/manage.get.gov/releases/tag/v1.176.0"
            },
            {
              "name": "url",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/cisagov/manage.get.gov/security/advisories/GHSA-6wrg-x3j6-x464"
            },
            {
              "name": "url",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-43510"
            },
            {
              "name": "url",
              "tags": [
                "government-resource",
                "third-party-advisory"
              ],
              "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-121-01.json"
            },
            {
              "name": "url",
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/cisagov/manage.get.gov/issues/4858"
            },
            {
              "name": "url",
              "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:H/SA:H"
            }
          ],
          "title": "CISA manage.get.gov insecure portfolio administrative privileges"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2026-43510",
        "datePublished": "2026-05-07T18:50:56.944Z",
        "dateReserved": "2026-05-01T15:27:56.173Z",
        "dateUpdated": "2026-06-25T16:02:13.965Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-43510 (GCVE-0-2026-43510)

    Vulnerability from cvelistv5 – Published: 2026-05-07 18:50 – Updated: 2026-06-25 16:02
    VLAI
    Title
    CISA manage.get.gov insecure portfolio administrative privileges
    Summary
    manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    Impacted products
    Vendor Product Version
    CISA manage.get.gov Affected: 1.92.0 , < 1.176.0 (custom)
    Unaffected: 1.176.0
    Create a notification for this product.
    Date Public
    2026-04-24 00:00
    Credits
    bn-omran (@scofaild23)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-43510",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-10T14:54:16.440795Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-10T14:54:27.426Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "manage.get.gov",
              "vendor": "CISA",
              "versions": [
                {
                  "lessThan": "1.176.0",
                  "status": "affected",
                  "version": "1.92.0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.176.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "bn-omran (@scofaild23)"
            }
          ],
          "datePublic": "2026-04-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW"
              }
            },
            {
              "other": {
                "content": {
                  "id": "CVE-2026-43510",
                  "options": [
                    {
                      "Exploitation": "none"
                    },
                    {
                      "Automatable": "no"
                    },
                    {
                      "Technical Impact": "partial"
                    }
                  ],
                  "role": "CISA Coordinator",
                  "timestamp": "2026-05-04T21:02:15.750389Z",
                  "version": "2.0.3"
                },
                "type": "ssvc"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "CWE-266 Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-25T16:02:13.965Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "name": "url",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/cisagov/manage.get.gov/pull/4900"
            },
            {
              "name": "url",
              "tags": [
                "release-notes"
              ],
              "url": "https://github.com/cisagov/manage.get.gov/releases/tag/v1.176.0"
            },
            {
              "name": "url",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/cisagov/manage.get.gov/security/advisories/GHSA-6wrg-x3j6-x464"
            },
            {
              "name": "url",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-43510"
            },
            {
              "name": "url",
              "tags": [
                "government-resource",
                "third-party-advisory"
              ],
              "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-121-01.json"
            },
            {
              "name": "url",
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/cisagov/manage.get.gov/issues/4858"
            },
            {
              "name": "url",
              "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:H/SA:H"
            }
          ],
          "title": "CISA manage.get.gov insecure portfolio administrative privileges"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2026-43510",
        "datePublished": "2026-05-07T18:50:56.944Z",
        "dateReserved": "2026-05-01T15:27:56.173Z",
        "dateUpdated": "2026-06-25T16:02:13.965Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }