CVE-2026-22866
Published: 25 February 2026
Summary
CVE-2026-22866 is a low-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability in Ens.Domains Ethereum Name Service. Its CVSS base score is 2.7 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Subvert Trust Controls (T1553); ranked at the 3.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SA-11 (Developer Testing and Evaluation) and SC-13 (Cryptographic Protection).
Deeper analysis
CVE-2026-22866 affects the Ethereum Name Service (ENS), a distributed naming system on the Ethereum blockchain, specifically in versions 1.6.2 and prior of the ens-contracts repository. The vulnerability resides in the RSASHA256Algorithm and RSASHA1Algorithm smart contracts, which fail to properly validate the PKCS#1 v1.5 padding structure during RSA signature verification. Instead, these contracts only check if the last 32 bytes (for SHA256) or 20 bytes (for SHA1) of the decrypted signature match the expected hash. This flaw enables Bleichenbacher's 2006 million-message attack for forging signatures on RSA keys with low public exponents (e=3), classified under CWE-347 (Improper Verification of Cryptographic Signature) with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Attackers require no privileges and can exploit this remotely over the network with low complexity. The issue impacts DNS zones using vulnerable RSA keys, particularly two ENS-supported top-level domains (.cc and .name), whose Key Signing Keys employ e=3. An attacker can forge DNSSEC signatures to fraudulently claim ownership of any subdomain under these TLDs on the ENS platform without controlling the actual DNS records, potentially enabling domain hijacking in the ENS ecosystem.
Mitigation involves deploying the patched versions of the affected contracts, with the fix merged in commit c76c5ad0dc9de1c966443bd946fafc6351f87587. As a workaround, operators can deploy the corrected contracts and update DNSSECImpl.setAlgorithm to reference them. Detailed guidance is available in the ENS contracts security advisory (GHSA-c6rr-7pmc-73wc) and the associated pull request.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-8679
Vulnerability details
Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the `RSASHA256Algorithm` and `RSASHA1Algorithm` contracts fail to validate PKCS#1 v1.5 padding structure when verifying RSA signatures. The contracts…
more
only check if the last 32 (or 20) bytes of the decrypted signature match the expected hash. This enables Bleichenbacher's 2006 signature forgery attack against DNS zones using RSA keys with low public exponents (e=3). Two ENS-supported TLDs (.cc and .name) use e=3 for their Key Signing Keys, allowing any domain under these TLDs to be fraudulently claimed on ENS without DNS ownership. Apatch was merged at commit c76c5ad0dc9de1c966443bd946fafc6351f87587. Possible workarounds include deploying the patched contracts and pointing DNSSECImpl.setAlgorithm to the deployed contract.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Signature verification bypass enables subverting trust controls and facilitates domain infrastructure compromise via forged DNSSEC signatures.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires timely identification, reporting, and patching of flaws like the improper PKCS#1 v1.5 padding validation in RSASHA256Algorithm and RSASHA1Algorithm contracts, directly enabling deployment of the fix at commit c76c5ad0dc9de1c966443bd946fafc6351f87587.
Mandates implementation of cryptographic protection mechanisms in accordance with NIST standards, ensuring full PKCS#1 v1.5 padding validation during RSA signature verification to block Bleichenbacher forgery attacks on low-exponent keys.
Requires developer testing and evaluation using defined methodologies to identify and correct cryptographic implementation flaws such as incomplete signature padding checks prior to ENS contract deployment.