{"id":"CVE-2026-43510","summary":"CISA manage.get.gov insecure portfolio administrative privileges","details":"manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30.","aliases":["GHSA-6wrg-x3j6-x464"],"modified":"2026-07-08T08:11:58.742532706Z","published":"2026-05-07T18:50:56.944Z","database_specific":{"cwe_ids":["CWE-266"],"cna_assigner":"cisa-cg","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43510.json"},"references":[{"type":"WEB","url":"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:H/SA:H"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43510.json"},{"type":"ADVISORY","url":"https://github.com/cisagov/manage.get.gov/releases/tag/v1.176.0"},{"type":"ADVISORY","url":"https://github.com/cisagov/manage.get.gov/security/advisories/GHSA-6wrg-x3j6-x464"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43510"},{"type":"ADVISORY","url":"https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-121-01.json"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-43510"},{"type":"REPORT","url":"https://github.com/cisagov/manage.get.gov/issues/4858"},{"type":"FIX","url":"https://github.com/cisagov/manage.get.gov/pull/4900"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cisagov/manage.get.gov","events":[{"introduced":"dbc2816ce5ec5acfb14820753d0fb75a48c4d52b"},{"fixed":"a4f80412067f592b4a9ae4de1c13b355235e97a3"}],"database_specific":{"source":["AFFECTED_FIELD","REFERENCES"],"extracted_events":[{"introduced":"1.92.0"},{"fixed":"1.176.0"}]}}],"versions":["v1.174.0","staging-222","v1.175.0","staging-223","v1.173.0","staging-221","v1.172.0","staging-220","v1.171.0","staging-219","v1.170.0","staging-218","v1.169.0","staging-217","v1.168.0","staging-216","v1.167.0","staging-215","v1.166.0","staging-214","v1.165.0","staging-213","v1.164.0","staging-212","v1.163.0","staging-211-hotfix","staging-211","v1.162.0","staging-210","v1.161.0","staging-209-hotfix","staging-209","staging-208","v1.159.0","staging-207","v1.158.0","staging-206","v1.157.0","staging-205","v1.156.0","staging-204","v1.154.0","staging-202","v1.155.0","staging-203","v1.153.0","staging-201","v1.152.0","staging-200","v1.151.0","staging-199","v1.150.0","staging-198","v1.149.0","staging-197","staging-196","v1.147.0","staging-195","staging-194","v1.144.0","staging-192","v1.145.0","staging-193","v1.142.0","staging-190","v1.143.0","staging-191","v1.141.0","staging-189","v1.140.0","staging-188","staging-187","staging-186","v1.137.0","staging-185","staging-184","v1.135.0","staging-183","v1.134.0","staging-182","v1.133.0","staging-181","v1.132.0","staging-180","v1.131.0","staging-179","v1.130.0","staging-178","staging-177","v1.128.0","staging-176","v1.127.0","staging-175","v1.126.0","Staging-174","v1.125.0","staging-173","v1.124.0","staging-172","v1.123.0","staging-171","v1.122.0","staging-170","v1.120.0","Staging-168","v1.121.0","Staging-169","v1.119.0","staging-167","v1.118.0","staging-166","v1.117.0","staging-165","v1.116.0","staging-164","v1.115.0","staging-163","v1.114.0","staging-162","v1.113.1","staging-161","v1.113.0","staging-160","v1.112.0","staging-159","staging-158","v1.111.0","staging-157","v1.110.0","staging-156","v1.109.0","staging-155","v1.108.0","staging-154","v1.107.0","staging-153","v1.106.0","staging-152","v1.105.0","staging-151","v1.104.0","staging-150","v1.103.0","staging-149","v1.102.0","staging-148","v1.101.0","staging-147","staging-146","staging-145","v1.98.0","staging-144","staging-142.1-hotfix","staging-143","v1.96.0","staging-142","v1.95.0","staging-141","v1.94.0","staging-140","v1.93.0","staging-139","v1.92.0","staging-138"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43510.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:H/SA:H"}]}