Skip to main content

Ethereum Name Service

3 CVEs product

Monthly

CVE-2026-22866 npm HIGH MAL This Week

Improper RSA signature validation in Ethereum Name Service (ENS) versions 1.6.2 and earlier allows attackers to forge DNS signatures for domains under .cc and .name TLDs, enabling unauthorized domain claims on ENS without actual DNS ownership. The vulnerability exploits Bleichenbacher's 2006 attack against RSA keys with low public exponents (e=3), which are used by these two TLDs' Key Signing Keys. No patch is currently available, leaving affected domains vulnerable to takeover attacks.

Information Disclosure Ethereum Name Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2023-38698 npm MEDIUM POC PATCH MAL This Month

Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Ethereum Name Service
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-5232 npm HIGH PATCH This Week

A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owners consent or awareness. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Ethereum Name Service
NVD GitHub
CVSS 3.1
8.7
EPSS
1.2%
EPSS 0% CVSS 7.5
HIGH This Week

Improper RSA signature validation in Ethereum Name Service (ENS) versions 1.6.2 and earlier allows attackers to forge DNS signatures for domains under .cc and .name TLDs, enabling unauthorized domain claims on ENS without actual DNS ownership. The vulnerability exploits Bleichenbacher's 2006 attack against RSA keys with low public exponents (e=3), which are used by these two TLDs' Key Signing Keys. No patch is currently available, leaving affected domains vulnerable to takeover attacks.

Information Disclosure Ethereum Name Service
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Ethereum Name Service
NVD GitHub
EPSS 1% CVSS 8.7
HIGH PATCH This Week

A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owners consent or awareness. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Ethereum Name Service
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy