I believe the CodeQL documentation here conflicts with MDN by omission:

In this example cookie1 is accessible from online-bank.com ...

        HttpCookie cookie1 = new HttpCookie("sessionID");
        cookie1.Domain = "online-bank.com";

https://codeql.github.com/codeql-query-help/csharp/cs-web-broad-cookie-domain/

According to MDN, that cookie would also be available to subdomains:

For example, if you set Domain=mozilla.org, cookies are available on mozilla.org and its subdomains like developer.mozilla.org.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#domain_attribute

The CodeQL documentation should state that "In this example cookie1 is accessible from online-bank.com and its subdomains".