Incorrect Authorization
A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, regain ownership without the new owners consent or awareness. A new ENS deployment is being rolled out that fixes this vulnerability in the ENS registry.