Skip to main content

Manage Get Gov

1 CVEs product

Monthly

CVE-2026-43510 MEDIUM PATCH This Month

Privilege escalation in CISA's manage.get.gov 1.x allows organization administrators to assign domain manager privileges for domains outside their portfolio, including legacy domains not associated with any organization. The vulnerability enables cross-portfolio domain takeover scenarios where an authenticated admin can grant themselves or others unauthorized domain management access. Fixed in version 1.176.0 released April 30, 2026. No public exploit identified at time of analysis, EPSS risk assessment not available for this CVE.

Information Disclosure Manage Get Gov
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Privilege escalation in CISA's manage.get.gov 1.x allows organization administrators to assign domain manager privileges for domains outside their portfolio, including legacy domains not associated with any organization. The vulnerability enables cross-portfolio domain takeover scenarios where an authenticated admin can grant themselves or others unauthorized domain management access. Fixed in version 1.176.0 released April 30, 2026. No public exploit identified at time of analysis, EPSS risk assessment not available for this CVE.

Information Disclosure Manage Get Gov
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy