Cyber Resilience

CVE-2026-22866

Low

Published: 25 February 2026

Published
25 February 2026
Modified
13 March 2026
KEV Added
Patch
CVSS Score v4 2.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0002 3.8th percentile
Risk Priority 5 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-22866 is a low-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability in Ens.Domains Ethereum Name Service. Its CVSS base score is 2.7 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Subvert Trust Controls (T1553); ranked at the 3.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SA-11 (Developer Testing and Evaluation) and SC-13 (Cryptographic Protection).

Deeper analysis

CVE-2026-22866 affects the Ethereum Name Service (ENS), a distributed naming system on the Ethereum blockchain, specifically in versions 1.6.2 and prior of the ens-contracts repository. The vulnerability resides in the RSASHA256Algorithm and RSASHA1Algorithm smart contracts, which fail to properly validate the PKCS#1 v1.5 padding structure during RSA signature verification. Instead, these contracts only check if the last 32 bytes (for SHA256) or 20 bytes (for SHA1) of the decrypted signature match the expected hash. This flaw enables Bleichenbacher's 2006 million-message attack for forging signatures on RSA keys with low public exponents (e=3), classified under CWE-347 (Improper Verification of Cryptographic Signature) with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

Attackers require no privileges and can exploit this remotely over the network with low complexity. The issue impacts DNS zones using vulnerable RSA keys, particularly two ENS-supported top-level domains (.cc and .name), whose Key Signing Keys employ e=3. An attacker can forge DNSSEC signatures to fraudulently claim ownership of any subdomain under these TLDs on the ENS platform without controlling the actual DNS records, potentially enabling domain hijacking in the ENS ecosystem.

Mitigation involves deploying the patched versions of the affected contracts, with the fix merged in commit c76c5ad0dc9de1c966443bd946fafc6351f87587. As a workaround, operators can deploy the corrected contracts and update DNSSECImpl.setAlgorithm to reference them. Detailed guidance is available in the ENS contracts security advisory (GHSA-c6rr-7pmc-73wc) and the associated pull request.

EU & UK References

Vulnerability details

Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the `RSASHA256Algorithm` and `RSASHA1Algorithm` contracts fail to validate PKCS#1 v1.5 padding structure when verifying RSA signatures. The contracts…

more

only check if the last 32 (or 20) bytes of the decrypted signature match the expected hash. This enables Bleichenbacher's 2006 signature forgery attack against DNS zones using RSA keys with low public exponents (e=3). Two ENS-supported TLDs (.cc and .name) use e=3 for their Key Signing Keys, allowing any domain under these TLDs to be fraudulently claimed on ENS without DNS ownership. Apatch was merged at commit c76c5ad0dc9de1c966443bd946fafc6351f87587. Possible workarounds include deploying the patched contracts and pointing DNSSECImpl.setAlgorithm to the deployed contract.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1553 Subvert Trust Controls Defense Impairment
Adversaries may undermine security controls that will either warn users of untrusted activity or prevent execution of untrusted programs.
T1584.001 Domains Resource Development
Adversaries may hijack domains and/or subdomains that can be used during targeting.
Why these techniques?

Signature verification bypass enables subverting trust controls and facilitates domain infrastructure compromise via forged DNSSEC signatures.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-25793Shared CWE-347
CVE-2026-34240Shared CWE-347
CVE-2024-56161Shared CWE-347
CVE-2025-24043Shared CWE-347
CVE-2026-23687Shared CWE-347
CVE-2024-13172Shared CWE-347
CVE-2026-41669Shared CWE-347
CVE-2026-27962Shared CWE-347
CVE-2025-12006Shared CWE-347
CVE-2026-32974Shared CWE-347

Affected Assets

ens.domains
ethereum name service
≤ 1.6.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely identification, reporting, and patching of flaws like the improper PKCS#1 v1.5 padding validation in RSASHA256Algorithm and RSASHA1Algorithm contracts, directly enabling deployment of the fix at commit c76c5ad0dc9de1c966443bd946fafc6351f87587.

prevent

Mandates implementation of cryptographic protection mechanisms in accordance with NIST standards, ensuring full PKCS#1 v1.5 padding validation during RSA signature verification to block Bleichenbacher forgery attacks on low-exponent keys.

prevent

Requires developer testing and evaluation using defined methodologies to identify and correct cryptographic implementation flaws such as incomplete signature padding checks prior to ENS contract deployment.

References