CVE-2026-43510

Source
https://cve.org/CVERecord?id=CVE-2026-43510
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43510.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-43510
Aliases
  • GHSA-6wrg-x3j6-x464
Published
2026-05-07T18:50:56.944Z
Modified
2026-07-08T08:11:58.742532706Z
Severity
  • 5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:H/SA:H CVSS Calculator
Summary
CISA manage.get.gov insecure portfolio administrative privileges
Details

manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43510.json",
    "cna_assigner": "cisa-cg",
    "cwe_ids": [
        "CWE-266"
    ]
}
References

Affected packages

Git / github.com/cisagov/manage.get.gov

Affected ranges

Type
GIT
Repo
https://github.com/cisagov/manage.get.gov
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "1.92.0"
        },
        {
            "fixed": "1.176.0"
        }
    ]
}

Affected versions

Other
Staging-168
Staging-169
Staging-174
staging-138
staging-139
staging-140
staging-141
staging-142
staging-143
staging-144
staging-145
staging-146
staging-147
staging-148
staging-149
staging-150
staging-151
staging-152
staging-153
staging-154
staging-155
staging-156
staging-157
staging-158
staging-159
staging-160
staging-161
staging-162
staging-163
staging-164
staging-165
staging-166
staging-167
staging-170
staging-171
staging-172
staging-173
staging-175
staging-176
staging-177
staging-178
staging-179
staging-180
staging-181
staging-182
staging-183
staging-184
staging-185
staging-186
staging-187
staging-188
staging-189
staging-190
staging-191
staging-192
staging-193
staging-194
staging-195
staging-196
staging-197
staging-198
staging-199
staging-200
staging-201
staging-202
staging-203
staging-204
staging-205
staging-206
staging-207
staging-208
staging-209
staging-209-hotfix
staging-210
staging-211
staging-211-hotfix
staging-212
staging-213
staging-214
staging-215
staging-216
staging-217
staging-218
staging-219
staging-220
staging-221
staging-222
staging-223
staging-142.*
staging-142.1-hotfix
v1.*
v1.101.0
v1.102.0
v1.103.0
v1.104.0
v1.105.0
v1.106.0
v1.107.0
v1.108.0
v1.109.0
v1.110.0
v1.111.0
v1.112.0
v1.113.0
v1.113.1
v1.114.0
v1.115.0
v1.116.0
v1.117.0
v1.118.0
v1.119.0
v1.120.0
v1.121.0
v1.122.0
v1.123.0
v1.124.0
v1.125.0
v1.126.0
v1.127.0
v1.128.0
v1.130.0
v1.131.0
v1.132.0
v1.133.0
v1.134.0
v1.135.0
v1.137.0
v1.140.0
v1.141.0
v1.142.0
v1.143.0
v1.144.0
v1.145.0
v1.147.0
v1.149.0
v1.150.0
v1.151.0
v1.152.0
v1.153.0
v1.154.0
v1.155.0
v1.156.0
v1.157.0
v1.158.0
v1.159.0
v1.161.0
v1.162.0
v1.163.0
v1.164.0
v1.165.0
v1.166.0
v1.167.0
v1.168.0
v1.169.0
v1.170.0
v1.171.0
v1.172.0
v1.173.0
v1.174.0
v1.175.0
v1.92.0
v1.93.0
v1.94.0
v1.95.0
v1.96.0
v1.98.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43510.json"