Ethereum Name Service

1 CVEs product


CVE-2026-22866 npm HIGH MAL This Week

Improper RSA signature validation in Ethereum Name Service (ENS) versions 1.6.2 and earlier allows attackers to forge DNS signatures for domains under the .cc and .name TLDs, enabling unauthorized domain claims on ENS without actual DNS ownership. The flaw is exploitable with Bleichenbacher's 2006 attack against RSA keys with low public exponents (e=3), which the Key Signing Keys of these two TLDs use. No patch is currently available, leaving affected domains vulnerable to takeover attacks.

Information Disclosure Ethereum Name Service
NVD GitHub
CVSS 3.1: 7.5
EPSS: 0.0%
