Ens.Domains Ethereum Name Service vulnerabilities

CVE-2026-22866 [LOW] CWE-347 CVE-2026-22866: Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethere Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the `RSASHA256Algorithm` and `RSASHA1Algorithm` contracts fail to validate PKCS#1 v1.5 padding structure when verifying RSA signatures. The contracts only check if the last 32 (or 20) bytes of the decrypted sig

CVE-2023-38698 [MEDIUM] CWE-190 CVE-2023-38698: Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethere Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration time of existing domains. However, a preliminary an

CVE-2020-5232 [HIGH] CWE-285 CVE-2020-5232: A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another use A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owners consent or awareness. A new ENS deployment is being rolled out that fixes this vulnerability in the ENS registry.