Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.
2.7

ENS Domain Owners at Risk of Fake Domain Takeovers

CVE-2026-22866 GHSA-c6rr-7pmc-73wc
Summary

The Ethereum Name Service (ENS) has a security issue that could allow hackers to take control of certain domain names. This could happen if you own a domain in .cc or .name, and it's not a big deal if you've patched your ENS version. If you haven't patched, you should update to the latest version to prevent potential domain takeovers.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
VendorProductAffected versionsFix available
ensdomains ens-contracts <= 1.6.2
ens.domains ethereum_name_service <= 1.6.2
Original title
Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the `RSASHA256Algorithm` and `RSASHA1Algorithm` contr...
Original description
Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the `RSASHA256Algorithm` and `RSASHA1Algorithm` contracts fail to validate PKCS#1 v1.5 padding structure when verifying RSA signatures. The contracts only check if the last 32 (or 20) bytes of the decrypted signature match the expected hash. This enables Bleichenbacher's 2006 signature forgery attack against DNS zones using RSA keys with low public exponents (e=3). Two ENS-supported TLDs (.cc and .name) use e=3 for their Key Signing Keys, allowing any domain under these TLDs to be fraudulently claimed on ENS without DNS ownership. Apatch was merged at commit c76c5ad0dc9de1c966443bd946fafc6351f87587. Possible workarounds include deploying the patched contracts and pointing DNSSECImpl.setAlgorithm to the deployed contract.
nvd CVSS4.0 2.7
Vulnerability type
CWE-347 Improper Verification of Cryptographic Signature
Published: 25 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026