CVE-2026-22868
Denial of Service in go-ethereum (geth) via Crafted Message
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ethereum | go-ethereum | 1.16.8 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in go-ethereum (geth) allows a malicious actor to force a vulnerable node to shut down or crash by sending a specially crafted message. It affects the execution layer implementation of the Ethereum protocol and is fixed in version 1.16.8.
How can this vulnerability impact me?
The vulnerability can cause a node running a vulnerable version of go-ethereum to shut down or crash unexpectedly, potentially disrupting blockchain operations, causing denial of service, and impacting the availability of Ethereum network services that rely on that node.
What immediate steps should I take to mitigate this vulnerability?
Update go-ethereum (geth) to version 1.16.8 or later. This version contains the fix for the vulnerability that allows a node to be forced to shut down or crash by a specially crafted message.