CVE-2026-22866Improper Verification of Cryptographic Signature in Ens-contracts

CWE-347Improper Verification of Cryptographic Signature4 documents4 sources
Severity
2.7LOWNVD
EPSS
0.0%
top 96.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Ensdomains Ens-contractsEns.domains Ethereum Name Service
Timeline
PublishedFeb 25

Description

Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the `RSASHA256Algorithm` and `RSASHA1Algorithm` contracts fail to validate PKCS#1 v1.5 padding structure when verifying RSA signatures. The contracts only check if the last 32 (or 20) bytes of the decrypted signature match the expected hash. This enables Bleichenbacher's 2006 signature forgery attack against DNS zones using RSA keys with low public expon

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages3 packages

CVEListV5ensdomains/ens-contracts1.6.2

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation2026-02-25
OSV
ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation2026-02-25

🕵️Threat Intelligence

1
Wiz
CVE-2026-22866 Impact, Exploitability, and Mitigation Steps | Wiz