Execution Layer Vulnerability in Go-Ethereum by Ethereum
CVE-2026-22862

7.1HIGH

Key Information:

Vendor: Ethereum
Status: Go-ethereum
Vendor: CVE Published:; 13 January 2026

What is CVE-2026-22862?

Go-Ethereum (geth), an execution layer implementation of the Ethereum protocol, contains a vulnerability that allows a malicious actor to crash a vulnerable node. This is accomplished by sending a specially crafted message that triggers an unexpected shutdown. Users are encouraged to upgrade to version 1.16.8 to mitigate this risk effectively.

Affected Version(s)

go-ethereum < 1.16.8

References

https://github.com/ethereum/go-ethereum/security/advisori...

x_refsource_CONFIRM

https://github.com/ethereum/go-ethereum/commit/abeb78c647...

x_refsource_MISC

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 13, 2026
Vulnerability Reserved
Jan 12, 2026

CVE-2026-22862 Data

JSON