GHSA-C6RR-7PMC-73WC

Vulnerability from github – Published: 2026-02-25 18:26 – Updated: 2026-02-27 20:55
VLAI?
Summary
ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation
Details

Impact

The RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS#1 v1.5 padding structure when verifying RSA signatures. The contracts only check if the last 32 (or 20) bytes of the decrypted signature match the expected hash. This enables Bleichenbacher's 2006 signature forgery attack against DNS zones using RSA keys with low public exponents (e=3). Two ENS-supported TLDs (.cc and .name) use e=3 for their Key Signing Keys, allowing any domain under these TLDs to be fraudulently claimed on ENS without DNS ownership.

Affected contracts

Contract Address Status
RSASHA256Algorithm 0x9D1B5a639597f558bC37Cf81813724076c5C1e96 Vulnerable
RSASHA1Algorithm 0x6ca8624Bc207F043D140125486De0f7E624e37A1 Vulnerable
DNSSECImpl 0x0fc3152971714E5ed7723FAFa650F86A4BaF30C5 Uses vulnerable algorithms
DNSRegistrar 0xB32cB5677a7C971689228EC835800432B339bA2B Attack entry point

Patches

The bug was reported via Immunefi with possible solutions. The patch was merged at https://github.com/ensdomains/ens-contracts/commit/c76c5ad0dc9de1c966443bd946fafc6351f87587

Workarounds

  • Deploy the patched contracts
  • Point DNSSECImpl.setAlgorithm to the deployed contract

Resources

https://github.com/ensdomains/ens-contracts-bug-62248-pr-509

Severity ?
2.7 (Low)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@ensdomains/ens-contracts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.6.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-22866"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-25T18:26:58Z",
    "nvd_published_at": "2026-02-25T16:23:25Z",
    "severity": "LOW"
  },
  "details": "### Impact\n\nThe `RSASHA256Algorithm` and `RSASHA1Algorithm` contracts fail to validate PKCS#1 v1.5 padding structure when verifying RSA signatures. The contracts only check if the last 32 (or 20) bytes of the decrypted signature match the expected hash. This enables Bleichenbacher\u0027s 2006 signature forgery attack against DNS zones using RSA keys with low public exponents (e=3). Two ENS-supported TLDs (.cc and .name) use e=3 for their Key Signing Keys, allowing any domain under these TLDs to be fraudulently claimed on ENS without DNS ownership.\n\nAffected contracts\n\nContract | Address | Status\n-- | -- | --\nRSASHA256Algorithm | 0x9D1B5a639597f558bC37Cf81813724076c5C1e96 | Vulnerable\nRSASHA1Algorithm | 0x6ca8624Bc207F043D140125486De0f7E624e37A1 | Vulnerable\nDNSSECImpl | 0x0fc3152971714E5ed7723FAFa650F86A4BaF30C5 | Uses vulnerable algorithms\nDNSRegistrar | 0xB32cB5677a7C971689228EC835800432B339bA2B | Attack entry point\n\n\n\n\n### Patches\n\nThe bug was reported via Immunefi with possible solutions. The patch was merged at https://github.com/ensdomains/ens-contracts/commit/c76c5ad0dc9de1c966443bd946fafc6351f87587\n\n\n### Workarounds\n\n- Deploy the patched contracts\n- Point DNSSECImpl.setAlgorithm to the deployed contract\n\n### Resources\n\nhttps://github.com/ensdomains/ens-contracts-bug-62248-pr-509",
  "id": "GHSA-c6rr-7pmc-73wc",
  "modified": "2026-02-27T20:55:13Z",
  "published": "2026-02-25T18:26:58Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ensdomains/ens-contracts/security/advisories/GHSA-c6rr-7pmc-73wc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22866"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ensdomains/ens-contracts/commit/c76c5ad0dc9de1c966443bd946fafc6351f87587"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ensdomains/ens-contracts"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ensdomains/ens-contracts-bug-62248-pr-509"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.