Description
Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the `RSASHA256Algorithm` and `RSASHA1Algorithm` contracts fail to validate PKCS#1 v1.5 padding structure when verifying RSA signatures. The contracts only check if the last 32 (or 20) bytes of the decrypted signature match the expected hash. This enables Bleichenbacher's 2006 signature forgery attack against DNS zones using RSA keys with low public exponents (e=3). Two ENS-supported TLDs (.cc and .name) use e=3 for their Key Signing Keys, allowing any domain under these TLDs to be fraudulently claimed on ENS without DNS ownership. Apatch was merged at commit c76c5ad0dc9de1c966443bd946fafc6351f87587. Possible workarounds include deploying the patched contracts and pointing DNSSECImpl.setAlgorithm to the deployed contract.
Published: 2026-02-25
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: RSA Signature Forgery Leading to Domain Hijacking
Action: Apply Patch
AI Analysis

Impact

In ENS contracts version 1.6.2 and earlier, the RSASHA256Algorithm and RSASHA1Algorithm fail to validate PKCS#1 v1.5 padding when verifying RSA signatures, allowing the classic Bleichenbacher signature forgery to generate valid signatures for a chosen hash. This flaw permits an attacker to forge signatures that appear to originate from the legitimate key signing key, effectively enabling fraudulent registration of any sub‑domain under vulnerable TLDs that use a low public exponent, such as e=3. The result is a loss of integrity and authenticity of the ENS namespace, because domain ownership can be transferred from the rightful DNS holder to an adversary without access to the DNS zone. The flaw is a form of cryptographic weakness (CWE‑347).

Affected Systems

The vulnerability affects the ENS name service contracts provided by ensdomains:ens-contracts, specifically the RSASHA256Algorithm and RSASHA1Algorithm contracts in releases 1.6.2 and earlier. ENS‑supported top‑level domains .cc and .name use the insecure e=3 key signing key and are thus directly impacted, but any ENS TLD that relies on the vulnerable contracts and a low public exponent is potentially susceptible.

Risk and Exploitability

The CVSS score is 2.7, indicating a low overall severity, and the EPSS score is less than 1 %, implying a low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Nevertheless, the attack is straightforward for an adversary willing to forge signatures, requiring only interaction with the ENS contracts and the ability to register the forged domain. The impact on domain ownership makes this a serious concern for TLD operators who continue to use the vulnerable contracts or low public exponents.

Generated by OpenCVE AI on April 17, 2026 at 15:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy the patched ENS contracts from commit c76c5ad0dc9de1c966443bd946fafc6351f87587 and update the RSASHA256Algorithm and RSASHA1Algorithm libraries to the new implementation.
  • Reconfigure DNSSECImpl.setAlgorithm to reference the newly deployed, patched contract implementation.
  • Ensure that any ENS key signing key used for TLDs employs a secure public exponent (e.g., e = 65537) or otherwise enforce PKCS#1 v1.5 padding validation in the contract.

Generated by OpenCVE AI on April 17, 2026 at 15:12 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-c6rr-7pmc-73wc ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation
History

Fri, 13 Mar 2026 01:15:00 +0000

Type Values Removed Values Added
First Time appeared Ens.domains
Ens.domains ethereum Name Service
CPEs cpe:2.3:a:ens.domains:ethereum_name_service:*:*:*:*:*:*:*:*
Vendors & Products Ens.domains
Ens.domains ethereum Name Service
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}

Thu, 26 Feb 2026 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Ensdomains
Ensdomains ens-contracts
Vendors & Products Ensdomains
Ensdomains ens-contracts

Wed, 25 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Description Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the `RSASHA256Algorithm` and `RSASHA1Algorithm` contracts fail to validate PKCS#1 v1.5 padding structure when verifying RSA signatures. The contracts only check if the last 32 (or 20) bytes of the decrypted signature match the expected hash. This enables Bleichenbacher's 2006 signature forgery attack against DNS zones using RSA keys with low public exponents (e=3). Two ENS-supported TLDs (.cc and .name) use e=3 for their Key Signing Keys, allowing any domain under these TLDs to be fraudulently claimed on ENS without DNS ownership. Apatch was merged at commit c76c5ad0dc9de1c966443bd946fafc6351f87587. Possible workarounds include deploying the patched contracts and pointing DNSSECImpl.setAlgorithm to the deployed contract.
Title ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation
Weaknesses CWE-347
References
Metrics cvssV4_0

{'score': 2.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U'}

Subscriptions

Ens.domains Ethereum Name Service
Ensdomains Ens-contracts
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-25T20:34:05.144Z

Reserved: 2026-01-12T16:20:16.746Z

Link: CVE-2026-22866

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-02-25T16:23:25.277

Modified: 2026-03-13T01:02:53.500

Link: CVE-2026-22866

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T15:15:21Z

Weaknesses