Severity: HIGH | CWE-350 | Category: DNS Security

Subdomain Takeover via CNAME

Description

A CNAME record in your zone points at a hostname on an external hosting service (a GitHub Pages site, a Netlify or Vercel deployment, an S3 bucket) whose resource has since been deleted or is no longer provisioned, while the DNS record itself was left in place. On providers that let anyone register an unclaimed name, an attacker can claim that resource and the provider will then serve the attacker's content for your subdomain.

How Vezraa Detects It

We enumerate the CNAME records in your zone, identify targets that point at external hosting services, and verify that each target resource is still actively provisioned rather than deleted or unclaimed.
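The check described above, as an added example written for this entry (it is not Vezraa's scanner code): follow each hostname's CNAME chain, stop at a target on a known hosting provider, and flag it when the target either no longer resolves (NXDOMAIN) or answers with the provider's "unclaimed resource" page, which is what S3-style targets do because the provider hostname keeps resolving after the bucket is gone. The DNS and HTTP lookups are passed in as callables; the sample zone, resolution set and page bodies at the bottom are constructed test data, and the provider suffixes and fingerprint strings are assumptions taken from public takeover fingerprint lists rather than anything this page states.

```python
"""Dangling-CNAME detector (added example, not Vezraa's code)."""
from dataclasses import dataclass
from typing import Callable, Optional

# Provider DNS suffix -> text the provider returns for an unclaimed hostname.
# ASSUMPTION: fingerprints come from public takeover lists; providers change
# them, so re-verify before relying on a match.
PROVIDERS = {
    "github.io": "There isn't a GitHub Pages site here",
    "netlify.app": "Not Found - Request ID",
    "vercel.app": "DEPLOYMENT_NOT_FOUND",
    "s3.amazonaws.com": "NoSuchBucket",
}
MAX_CHAIN = 8  # stop runaway CNAME chains


@dataclass
class Finding:
    hostname: str
    target: str
    provider: str
    reason: str


def follow_cname(hostname: str, cname_lookup: Callable[[str], Optional[str]]) -> list:
    """Return the CNAME targets reached from hostname, in order.
    Raises ValueError on a CNAME loop or an over-long chain."""
    chain, seen, current = [], {hostname}, hostname
    while True:
        target = cname_lookup(current)
        if target is None:
            return chain
        if target in seen:
            raise ValueError(f"CNAME loop at {target}")
        chain.append(target)
        if len(chain) > MAX_CHAIN:
            raise ValueError(f"CNAME chain from {hostname} exceeds {MAX_CHAIN} hops")
        seen.add(target)
        current = target


def match_provider(name: str) -> Optional[str]:
    """Return the PROVIDERS suffix that name falls under, if any."""
    for suffix in PROVIDERS:
        if name == suffix or name.endswith("." + suffix):
            return suffix
    return None


def check_host(hostname, cname_lookup, resolves, fetch_body) -> Optional[Finding]:
    """Assess one hostname. resolves(name) says whether name has an address;
    fetch_body(hostname) returns the HTTP body served for hostname, or None."""
    chain = follow_cname(hostname, cname_lookup)
    if not chain:
        return None                      # no CNAME: not exposed to this takeover path
    target = chain[-1]
    provider = match_provider(target)
    if provider is None:
        return None                      # internal or unknown target: not assessed here
    if not resolves(target):
        return Finding(hostname, target, provider, "target does not resolve (NXDOMAIN)")
    body = fetch_body(hostname)          # S3-style targets resolve even when the bucket is gone
    if body is not None and PROVIDERS[provider] in body:
        return Finding(hostname, target, provider, "provider serves its unclaimed-resource page")
    return None


# --- Constructed sample data standing in for real DNS and HTTP responses ---
SAMPLE_CNAMES = {
    "app.yourdomain.com": "old-team.github.io",                     # Pages site deleted
    "assets.yourdomain.com": "assets-yourdomain.s3.amazonaws.com",  # bucket deleted
    "www.yourdomain.com": "live-site.netlify.app",                  # still provisioned
    "loop.yourdomain.com": "loop2.yourdomain.com",                  # misconfigured loop
    "loop2.yourdomain.com": "loop.yourdomain.com",
}
SAMPLE_RESOLVES = {"assets-yourdomain.s3.amazonaws.com", "live-site.netlify.app"}
SAMPLE_BODIES = {
    "assets.yourdomain.com": "<Error><Code>NoSuchBucket</Code></Error>",
    "www.yourdomain.com": "<html>Welcome to our site</html>",
}


def scan(hostnames, cname_lookup=SAMPLE_CNAMES.get,
         resolves=lambda n: n in SAMPLE_RESOLVES, fetch_body=SAMPLE_BODIES.get):
    """Run check_host over hostnames; loops are reported as findings, not crashes."""
    findings = []
    for host in hostnames:
        try:
            finding = check_host(host, cname_lookup, resolves, fetch_body)
        except ValueError as exc:
            finding = Finding(host, "", "", str(exc))
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_CNAMES):
        print(f"{f.hostname} -> {f.target or '?'} [{f.provider or 'n/a'}]: {f.reason}")
```

To run this against a real zone, pass a `cname_lookup` built on a resolver (for example dnspython's `dns.resolver.resolve(name, "CNAME")`, treating `NoAnswer` and `NXDOMAIN` as "no CNAME") and a `fetch_body` that performs an HTTP GET with the hostname in the Host header. A fingerprint match shows the resource is unclaimed; whether it is actually claimable depends on whether the provider enforces domain verification for custom hostnames, so confirm against the provider's current rules before rating severity.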

Real-World Impact

An attacker who claims the dangling target serves whatever they like under a hostname you own (e.g., login.yourcompany.com): convincing phishing pages that harvest credentials from your users, usually with a valid TLS certificate, since domain validation only requires serving content on that host. Because cookies scoped to the parent domain are sent to its subdomains, the attacker's host also receives those cookies and can set cookies that your other applications will accept.

Fix Example

# 1. Find what the subdomain points at
dig +short CNAME app.yourdomain.com

# 2. If the target is a provider hostname (for example service.github.io) that
#    you no longer control, check whether it still resolves:
dig +short A service.github.io
#    Empty output (NXDOMAIN), or a response carrying the provider's "not found"
#    page, means the record is dangling: delete the CNAME from your DNS zone.
#    When decommissioning a hosted resource in future, remove the DNS record
#    first and the resource second, so the name never dangles.

# 3. Where the provider supports domain verification, publish its TXT record so
#    that only a verified owner can attach the hostname again. The record name
#    and value are provider-specific; the line below uses placeholder values:
_hosted_here.yourdomain.com.  IN  TXT  "_hosted_here=yourdomain"

Affected Stacks

DNS, Vercel, Netlify, GitHub Pages, AWS
