CVE-2026-43510 HIGH

CVE-2026-43510: CISA manage.get.gov insecure portfolio administrative privileges

Vendor Cisa
Product manage.get.gov
Weakness CWE-266
Published May 7, 2026
Last update May 10, 2026

CVSS base score

7.0/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30.

Key dates

02Disclosure timeline

May 7, 2026 CVE published
May 10, 2026 Record updated