CVE-2026-22866

Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check...

CVE-2026-22866

The CVE describes a critical flaw in Ethereum Name Service (ENS) contracts prior to 1.6.2 where RSASHA256Algorithm and RSASHA1Algorithm fail to properly validate PKCS#1 v1.5 padding, checking only the trailing hash instead of full padding. This enables Bleichenbacher-style signature forgery again...

ENS 数据伪造问题漏洞

ENS is an open-source Ethereum domain name service, involving both registrars and local resolvers. Versions of ENS 1.6.2 and earlier had a vulnerability related to data manipulation. This vulnerability stemmed from the lack of verification of the PKCS1 v1.5 padding structure during RSA signature...

EUVD-2025-198796

Malicious code in @ensdomains/ccip-read-dns-gateway npm...

EUVD-2023-2350

Malicious code in bioql PyPI...

CVE-2023-38698

Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration...

Integer overflow

Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration...

CVE-2023-38698 .eth registrar controller can shorten the duration of registered names

Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration...

CVE-2023-38698

The CVE-2023-38698 issue is a vulnerability in ENS:BaseRegistrarImplementation prior to 0.0.22 where an integer overflow in the renew function can be exploited by an attacker-controlled controller to shorten the expiration of a registrar name. The effect is that expiries[id] may overflow, allowin...

CVE-2023-38698 .eth registrar controller can shorten the duration of registered names

Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration...

ENS Input Validation Error Vulnerability

ENS is the registrar and local resolver implementation of the Ethereum Name Service. An input validation error vulnerability exists in Ethereum Name Service version 0.0.21 and earlier, which stems from an integer overflow problem in the renew function that allows an attacker to shorten the durati...

CVE-2020-5232 Ethereum Name Service - Malicious takeover of previously owned ENS names

A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owners consent or awareness. A new ENS deployment is being rolled out that fixes this vulnerability in the ENS registry...

PT-2020-18328 · Ethereum · Ethereum Name Service (Ens) Registry

Name of the Vulnerable Software and Affected Versions: Ethereum Name Service ENS registry affected versions not specified Description: A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owner's consent ...