CVE-2026-22866

Name of the Vulnerable Software and Affected Versions Ethereum Name Service (ENS) versions 1.6.2 and prior

Description The RSASHA256Algorithm and RSASHA1Algorithm contracts do not properly validate PKCS#1 v1.5 padding when verifying RSA signatures. The contracts only verify the final 32 or 20 bytes of the decrypted signature against the expected hash. This allows for a Bleichenbacher's 2006 signature forgery attack against DNS zones utilizing RSA keys with a low public exponent (e=3). Two TLDs supported by ENS, .cc and .name, use e=3 for their Key Signing Keys, potentially allowing fraudulent claims of domains under these TLDs on ENS without actual DNS ownership. The vulnerable contracts include RSASHA256Algorithm at address 0x9D1B5a639597f558bC37Cf81813724076c5C1e96, RSASHA1Algorithm at address 0x6ca8624Bc207F043D140125486De0f7E624e37A1, DNSSECImpl at address 0x0fc3152971714E5ed7723FAFa650F86A4BaF30C5, and DNSRegistrar at address 0xB32cB5677a7C971689228EC835800432B339bA2B.

Recommendations Versions prior to 1.6.2 should deploy the patched contracts. Point the DNSSECImpl.setAlgorithm function to the deployed, patched contract.