CVE-2026-22862
Denial of Service in go-ethereum (geth) via Crafted Message
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ethereum | go-ethereum | to 1.16.8 (exc) |
| ethereum | go-ethereum | to 1.16.7 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in go-ethereum (geth) allows a malicious actor to force a vulnerable node to shutdown or crash by sending a specially crafted message. It affects the execution layer implementation of the Ethereum protocol and is fixed in version 1.16.8.
How can this vulnerability impact me? :
The vulnerability can cause a node running the affected go-ethereum software to unexpectedly shutdown or crash, potentially disrupting Ethereum network operations, causing denial of service, and impacting availability of services relying on the node.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the go-ethereum (geth) software to version 1.16.8 or later, as this version contains the fix for the vulnerability that allows a node to be forced to shutdown or crash by a specially crafted message.