CVE-2026-26315 — HIGH (7.5)

Q: How severe is CVE-2026-26315?

CVE-2026-26315 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-26315?

Check the references section above for vendor advisories and patch information. Affected products include: Ethereum Go Ethereum.

Vulnerability Description

go-ethereum (Geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth. Geth maintainers recommend rotating the node key after applying the upgrade, which can be done by removing the file `<datadir>/geth/nodekey` before starting Geth.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Ethereum	Go Ethereum	< 1.16.9

Related Weaknesses (CWE)

CWE-203

References

https://github.com/ethereum/go-ethereum/security/advisories/GHSA-m6j8-rg6r-7mv8Vendor Advisory

FAQ

What is CVE-2026-26315?

CVE-2026-26315 is a vulnerability with a CVSS score of 7.5 (HIGH). go-ethereum (Geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to ext...

How severe is CVE-2026-26315?

CVE-2026-26315 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-26315?

Check the references section above for vendor advisories and patch information. Affected products include: Ethereum Go Ethereum.