HIGHCVE-2026-43510Published 2026-05-07Modified 2026-05-10CNA cisa-cg

CVE-2026-43510: CISA manage.get.gov insecure portfolio administrative privileges

manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30.

CVSS v4.0: 7.0
Severity: HIGH
Fixed in: 1.176.0
Affected Products: 1

Fix available

1.176.0

Patch commits

Affected packages

CISA / manage.get.gov
< 1.176.0 (from 1.92.0)
Fixed in 1.176.0

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

References

Metrics

Fix available