CVE-2026-22866
Published: 25 February 2026
Summary
CVE-2026-22866 is a high-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability in Ens.Domains Ethereum Name Service. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Subvert Trust Controls (T1553); ranked at the 3.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Requires verification of digital signatures using organization-approved certificates before installation, directly preventing improper verification of cryptographic signatures.
Component authenticity commonly depends on cryptographic signatures; the control enforces proper verification of those signatures.
PKI certificates under an approved policy require cryptographic signature verification on issuance and validation.
Requires cryptographic signatures on authoritative data and support for verifying the chain of trust.
Mandates verification of cryptographic signatures (e.g., DNSSEC RRSIG) on resolution responses, addressing missing or bypassed signature checks.
Integrity tools commonly rely on cryptographic signatures whose improper validation this weakness covers.
Authenticity validation commonly relies on cryptographic signature or certificate checks that this control enforces.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Signature verification bypass enables subverting trust controls and facilitates domain infrastructure compromise via forged DNSSEC signatures.
NVD Description
Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the `RSASHA256Algorithm` and `RSASHA1Algorithm` contracts fail to validate PKCS#1 v1.5 padding structure when verifying RSA signatures. The contracts…
more
only check if the last 32 (or 20) bytes of the decrypted signature match the expected hash. This enables Bleichenbacher's 2006 signature forgery attack against DNS zones using RSA keys with low public exponents (e=3). Two ENS-supported TLDs (.cc and .name) use e=3 for their Key Signing Keys, allowing any domain under these TLDs to be fraudulently claimed on ENS without DNS ownership. Apatch was merged at commit c76c5ad0dc9de1c966443bd946fafc6351f87587. Possible workarounds include deploying the patched contracts and pointing DNSSECImpl.setAlgorithm to the deployed contract.
Deeper analysisAI
CVE-2026-22866 affects the Ethereum Name Service (ENS), a distributed naming system on the Ethereum blockchain, specifically in versions 1.6.2 and prior of the ens-contracts repository. The vulnerability resides in the RSASHA256Algorithm and RSASHA1Algorithm smart contracts, which fail to properly validate the PKCS#1 v1.5 padding structure during RSA signature verification. Instead, these contracts only check if the last 32 bytes (for SHA256) or 20 bytes (for SHA1) of the decrypted signature match the expected hash. This flaw enables Bleichenbacher's 2006 million-message attack for forging signatures on RSA keys with low public exponents (e=3), classified under CWE-347 (Improper Verification of Cryptographic Signature) with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Attackers require no privileges and can exploit this remotely over the network with low complexity. The issue impacts DNS zones using vulnerable RSA keys, particularly two ENS-supported top-level domains (.cc and .name), whose Key Signing Keys employ e=3. An attacker can forge DNSSEC signatures to fraudulently claim ownership of any subdomain under these TLDs on the ENS platform without controlling the actual DNS records, potentially enabling domain hijacking in the ENS ecosystem.
Mitigation involves deploying the patched versions of the affected contracts, with the fix merged in commit c76c5ad0dc9de1c966443bd946fafc6351f87587. As a workaround, operators can deploy the corrected contracts and update DNSSECImpl.setAlgorithm to reference them. Detailed guidance is available in the ENS contracts security advisory (GHSA-c6rr-7pmc-73wc) and the associated pull request.
Details
- CWE(s)