CVE-2026-22866

Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the `RSASHA256Algorithm` and `RSASHA1Algorithm` contracts fail to validate PKCS#1 v1.5 padding structure when verifying RSA signatures. The contracts only check if the last 32 (or 20) bytes of the decrypted signature match the expected hash. This enables Bleichenbacher's 2006 signature forgery attack against DNS zones using RSA keys with low public exponents (e=3). Two ENS-supported TLDs (.cc and .name) use e=3 for their Key Signing Keys, allowing any domain under these TLDs to be fraudulently claimed on ENS without DNS ownership. Apatch was merged at commit c76c5ad0dc9de1c966443bd946fafc6351f87587. Possible workarounds include deploying the patched contracts and pointing DNSSECImpl.setAlgorithm to the deployed contract.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/ensdomains/ens-contracts-bug-62248-pr-509	Patch Release Notes
https://github.com/ensdomains/ens-contracts/commit/c76c5ad0dc9de1c966443bd946fafc6351f87587	Patch
https://github.com/ensdomains/ens-contracts/security/advisories/GHSA-c6rr-7pmc-73wc	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ens.domains:ethereum_name_service:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-02-25 16:23

Updated : 2026-03-13 01:02

NVD link : CVE-2026-22866

Mitre link : CVE-2026-22866

CVE.ORG link : CVE-2026-22866

JSON object : View

Products Affected

ens.domains

ethereum_name_service

CWE

CWE-347

Improper Verification of Cryptographic Signature

{"id": "CVE-2026-22866", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "UNREPORTED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-25T16:23:25.277", "references": [{"url": "https://github.com/ensdomains/ens-contracts-bug-62248-pr-509", "tags": ["Patch", "Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/ensdomains/ens-contracts/commit/c76c5ad0dc9de1c966443bd946fafc6351f87587", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/ensdomains/ens-contracts/security/advisories/GHSA-c6rr-7pmc-73wc", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-347"}]}], "descriptions": [{"lang": "en", "value": "Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the `RSASHA256Algorithm` and `RSASHA1Algorithm` contracts fail to validate PKCS#1 v1.5 padding structure when verifying RSA signatures. The contracts only check if the last 32 (or 20) bytes of the decrypted signature match the expected hash. This enables Bleichenbacher's 2006 signature forgery attack against DNS zones using RSA keys with low public exponents (e=3). Two ENS-supported TLDs (.cc and .name) use e=3 for their Key Signing Keys, allowing any domain under these TLDs to be fraudulently claimed on ENS without DNS ownership. Apatch was merged at commit c76c5ad0dc9de1c966443bd946fafc6351f87587. Possible workarounds include deploying the patched contracts and pointing DNSSECImpl.setAlgorithm to the deployed contract."}, {"lang": "es", "value": "El Servicio de Nombres de Ethereum (ENS) es un sistema de nombres distribuido, abierto y extensible basado en la cadena de bloques de Ethereum. En las versiones 1.6.2 y anteriores, los contratos 'RSASHA256Algorithm' y 'RSASHA1Algorithm' no logran validar la estructura de relleno PKCS#1 v1.5 al verificar firmas RSA. Los contratos solo verifican si los \u00faltimos 32 (o 20) bytes de la firma descifrada coinciden con el hash esperado. Esto permite el ataque de falsificaci\u00f3n de firmas de Bleichenbacher de 2006 contra zonas DNS que utilizan claves RSA con exponentes p\u00fablicos bajos (e=3). Dos TLDs compatibles con ENS (.cc y .name) usan e=3 para sus Claves de Firma de Claves, permitiendo que cualquier dominio bajo estos TLDs sea reclamado fraudulentamente en ENS sin la propiedad de DNS. Un parche fue fusionado en el commit c76c5ad0dc9de1c966443bd946fafc6351f87587. Posibles soluciones provisionales incluyen desplegar los contratos parcheados y apuntar DNSSECImpl.setAlgorithm al contrato desplegado."}], "lastModified": "2026-03-13T01:02:53.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ens.domains:ethereum_name_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC6CB03A-8DF6-4B9E-9356-2850DBEC1913", "versionEndIncluding": "1.6.2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}