CVE-2026-26315

7.5 HIGH

📋 TL;DR

A cryptographic flaw in go-ethereum's ECIES implementation allows attackers to extract bits of the p2p node key. This affects all Geth nodes running versions before 1.16.9. The vulnerability could compromise node identity and network communication security.

💻 Affected Systems

Products:
  • go-ethereum (Geth)
Versions: All versions prior to 1.16.9
Operating Systems: All platforms running Geth
Default Config Vulnerable: ⚠️ Yes
Notes: All Geth nodes using default ECIES cryptography for p2p communications are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of node identity allowing impersonation, man-in-the-middle attacks on p2p communications, and potential network isolation or reputation damage.

🟠 Likely Case

Partial key extraction enabling targeted attacks against specific nodes, potentially leading to network manipulation or denial of service.

🟢 If Mitigated

Minimal impact if node key is rotated immediately after patching, though historical communications may have been vulnerable.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires network access to vulnerable nodes and cryptographic analysis capabilities.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.16.9 or 1.17.0

Vendor Advisory: https://github.com/ethereum/go-ethereum/security/advisories/GHSA-m6j8-rg6r-7mv8

Restart Required: Yes

Instructions:

1. Stop Geth service.
2. Upgrade to Geth v1.16.9 or v1.17.0.
3. Delete the node key file: rm <datadir>/geth/nodekey
4. Start Geth service to generate new key.

🔧 Temporary Workarounds

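Node Key Rotation

Platforms: all

Manually rotate node key without upgrading (temporary measure)

geth --datadir <datadir> removedb
rm <datadir>/geth/nodekey

Note: removedb removes the node's blockchain and state databases, so the node has to resync afterwards. The node key itself is deleted by the rm command.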

🧯 If You Can't Patch

  • Isolate vulnerable nodes from untrusted networks
  • Implement network-level monitoring for unusual p2p traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check the Geth version with: geth version (all versions prior to 1.16.9 are affected)

Check Version:

geth version

Verify Fix Applied:

Verify version is 1.16.9+ and confirm new node key was generated by checking file timestamp: ls -la <datadir>/geth/nodekey
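
The version check and node key rotation described above, as an added shell example that is not part of the original advisory or of go-ethereum. The function names are hypothetical, and the "Version: X.Y.Z-suffix" line format of geth version output is an assumption.

```shell
#!/bin/sh
# Added example: defines functions only; nothing runs until they are called.
FIXED_VERSION="1.16.9"   # first fixed release named on this page

# Constructed sample of `geth version` output (line format is an assumption).
SAMPLE_OUTPUT='Geth
Version: 1.16.8-stable
Architecture: amd64'

# Read `geth version` output on stdin and print the bare X.Y.Z version.
parse_geth_version() {
    sed -n 's/^Version:[[:space:]]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Return 0 if version $1 >= version $2 (numeric compare, so 1.9.x < 1.16.x).
version_ge() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2          # split both versions into six numeric fields
    IFS=$old_ifs
    [ "$1" -gt "$4" ] && return 0
    [ "$1" -lt "$4" ] && return 1
    [ "$2" -gt "$5" ] && return 0
    [ "$2" -lt "$5" ] && return 1
    [ "$3" -ge "$6" ]
}

# Read `geth version` output on stdin; print patched, vulnerable or unknown.
classify_geth() {
    v=$(parse_geth_version)
    [ -n "$v" ] || { echo unknown; return 0; }
    if version_ge "$v" "$FIXED_VERSION"; then echo patched; else echo vulnerable; fi
}

# Delete the node key under datadir $1 so Geth generates a new one on start.
# $2 is the `geth version` output; refuses to rotate while still unpatched,
# because a key generated on a vulnerable build is exposed to the same flaw.
# Stop the Geth service before calling this.
rotate_nodekey() {
    key="$1/geth/nodekey"
    [ "$(printf '%s\n' "$2" | classify_geth)" = patched ] ||
        { echo "geth is not patched; upgrade first" >&2; return 1; }
    [ -f "$key" ] || { echo "no node key at $key" >&2; return 2; }
    rm -- "$key"
}
# Usage: rotate_nodekey /path/to/datadir "$(geth version)"
```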

📡 Detection & Monitoring

Log Indicators:

  • Unexpected p2p connection failures
  • Node key regeneration events

Network Indicators:

  • Unusual ECIES handshake patterns
  • Multiple failed connection attempts to same node

SIEM Query:

source="geth" AND ("nodekey" OR "ECIES" OR "handshake failed")
