Possible Take Over Subdomain For Inbound Emails

Program: khanacademy
Bug Type: Subdomain takeover
Bounty: Unspecified
Date: 2018-09-01
subdomain-takeover

Summary

The subdomain sendgrid.khanacademy.org points to sendgrid.net via a CNAME record, but the associated SendGrid configuration is unclaimed. This allows an attacker to register the subdomain on SendGrid and take control of it. Since SendGrid is used for email marketing, an attacker could potentially intercept inbound emails, send phishing messages, or exploit the domain’s reputation for malicious purposes. The issue requires no authentication, has medium risk, and is moderately easy to exploit. The recommended fix is to remove unused DNS entries or correctly configure the external service to handle the subdomain.

This summary was generated by AI.
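One way to act on the recommended fix, as an added example that is not part of the original report: cross-check a zone's CNAME records against an inventory of claimed third-party services and list the records that leave the zone with no claimed service behind them. The zone data, the `CLAIMED` inventory and all function names are assumptions constructed for illustration.

```python
# Constructed sample zone (BIND-style, one record per line); not real data.
ZONE = """\
$ORIGIN example.org.
www       300 IN CNAME web
sendgrid  300 IN CNAME sendgrid.net.
status    300 IN CNAME pages.statushost.example.
mail      300 IN A     192.0.2.10
"""

# Hypothetical inventory of hostnames whose third-party account is
# confirmed claimed and configured by the organisation.
CLAIMED = {"status.example.org"}


def qualify(name, origin):
    """Expand a zone-file name to a lowercase FQDN without trailing dot."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.rstrip(".").lower()
    return f"{name}.{origin}".lower()


def parse_cnames(zone_text):
    """Return (origin, {host: target}) for the CNAME records in the zone."""
    origin, records = "", {}
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0].upper() == "$ORIGIN":
            origin = fields[1].rstrip(".").lower()
            continue
        types = [f.upper() for f in fields]
        if "CNAME" in types[1:-1]:  # needs an owner before and a target after
            idx = types.index("CNAME", 1)
            records[qualify(fields[0], origin)] = qualify(fields[idx + 1], origin)
    return origin, records


def dangling_candidates(zone_text, claimed):
    """List CNAMEs that leave the zone and have no claimed service behind them."""
    origin, records = parse_cnames(zone_text)
    findings = []
    for host, target in sorted(records.items()):
        internal = target == origin or target.endswith("." + origin)
        if not internal and host not in claimed:
            findings.append((host, target))
    return findings


if __name__ == "__main__":
    for host, target in dangling_candidates(ZONE, CLAIMED):
        print(f"REVIEW {host} -> {target}: remove record or claim the service")
```

Each finding is a record to either delete or back with a properly configured account at the external provider; the inventory has to be maintained by whoever owns the integrations.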

References