CVE-2026-43510: CISA's manage.get.gov Domain Manager Vulnerability

/HIGH /CVSS 7.6/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severitycwe-266
CVE-2026-43510: CISA's manage.get.gov Domain Manager Vulnerability

The National Vulnerability Database has disclosed CVE-2026-43510, a high-severity vulnerability (CVSS 7.6) affecting CISA’s manage.get.gov, the registrar for .gov TLDs. This flaw, categorized as CWE-266 (Incorrect Permission Assignment for Critical Resource), allowed an organization administrator to assign domain manager privileges for .gov domains not already associated with another organization.

This is a critical access control bypass. An attacker leveraging this vulnerability could have seized control of unassigned .gov domains, potentially enabling widespread abuse. Think about the impact: DNS manipulation, email interception, website defacement, or even spear-phishing campaigns from highly trusted .gov infrastructure. It’s a direct path to undermining trust in government digital services.

CISA addressed this issue in version 1.176.0 of manage.get.gov on or around April 30, 2026. While the National Vulnerability Database does not specify affected products beyond manage.get.gov itself, the implications for any organization relying on .gov domains are clear. This isn’t just a CISA problem; it’s a foundational security issue for the entire U.S. government digital ecosystem.

What This Means For You

  • If your organization manages or relies on .gov domains, understand the historical context of this vulnerability. While patched, the existence of CVE-2026-43510 highlights the critical importance of robust access controls and continuous auditing for domain management systems. Ensure your domain registration and management processes are thoroughly secured and regularly reviewed for similar permission flaws.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access

🛡️ Detection Rules

2 rules · 6 SIEM formats

2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

high T1190 Initial Access

CVE-2026-43510: Unauthorized Domain Manager Assignment Attempt on manage.get.gov

Sigma YAML — free preview 
title: CVE-2026-43510: Unauthorized Domain Manager Assignment Attempt on manage.get.gov
id: scw-2026-05-07-ai-1
status: experimental
level: high
description: |
  This rule detects attempts to exploit CVE-2026-43510 by identifying POST requests to the /api/v1/domains/ endpoint with a query parameter indicating an attempt to assign a domain manager. This is specific to the vulnerability in CISA's manage.get.gov domain registrar where an organization administrator could assign domain manager privileges for domains not already in another organization.
author: SCW Feed Engine (AI-generated)
date: 2026-05-07
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-43510/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
    category: webserver
detection:
  selection:
      cs-uri|contains:
          - '/api/v1/domains/'
      cs-method:
          - 'POST'
      cs-uri-query|contains:
          - 'action=assign_manager'
  selection_base:
      sc-status:
          - '200'
      condition: selection AND selection_base
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-43510 Privilege Escalation manage.get.gov
CVE-2026-43510 Privilege Escalation manage.get.gov versions prior to 1.176.0

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedMay 07, 2026 at 23:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related coverage

CVE-2026-8098: SQL Injection in code-projects Feedback System 1.0

CVE-2026-8098 — A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of...

vulnerabilityCVEhigh-severitysql-injectioncwe-74cwe-89
/SCW Vulnerability Desk /HIGH /7.3 /⚑ 3 IOCs /⚙ 3 Sigma

CVE-2026-8097 — CodeAstro Online Classroom SQL Injection

CVE-2026-8097 — A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /askquery.php. The manipulation of...

vulnerabilityCVEmedium-severitysql-injectioncwe-74cwe-89
/SCW Vulnerability Desk /MEDIUM /6.3 /⚑ 3 IOCs /⚙ 3 Sigma

CVE-2026-42449: n8n-MCP SSRF Bypasses IPv6 Checks

CVE-2026-42449 — n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. In versions 2.47.4 through 2.47.13, the...

vulnerabilityCVEhigh-severityserver-side-request-forgerycwe-918
/SCW Vulnerability Desk /HIGH /8.5 /⚑ 5 IOCs /⚙ 4 Sigma