Golang Execution Layer Vulnerability in Ethereum by Go-Ethereum
CVE-2026-26314

8.7HIGH

Key Information:

Vendor

Ethereum

Status
Go-ethereum
Vendor
CVE Published:
19 February 2026

What is CVE-2026-26314?

CVE-2026-26314 is a vulnerability affecting the Go-Ethereum (Geth) implementation of the Ethereum protocol, specifically within the Golang execution layer. This software is integral to the functioning of the Ethereum blockchain, enabling users to interact with the network. The vulnerability lies in a flaw that allows a malicious actor to force a vulnerable node to shutdown or crash through the delivery of a specially crafted message. Such an incident can disrupt network operations, hinder transaction processing, and compromise the reliability of Ethereum-based applications, negatively impacting users and organizations that rely on secure and stable blockchain interactions.

The issue has been resolved in the releases v1.16.9 and v1.17.0, making it imperative for organizations utilizing Geth to upgrade to these versions to safeguard against potential attacks leveraging this vulnerability.

Potential impact of CVE-2026-26314

  1. Network Disruption: The vulnerability can lead to forced crashes of Ethereum nodes, disrupting the overall functionality of the Ethereum network. This can prevent transactions from being processed and impair the operation of decentralized applications dependent on the network.

  2. Service Degradation: A compromised node may experience significant downtime due to crashes, which can result in degraded service quality for applications relying on a stable Ethereum environment. This can have financial ramifications for businesses and users, leading to lost transactions and reduced trust in the platform.

  3. Increased Attack Surface: The presence of this vulnerability in the execution layer not only exposes critical infrastructure to immediate threats but also potentially invites more complex attacks. If exploited, it could lead to further systemic vulnerabilities, thereby heightening the security risks for organizations involved in blockchain and cryptocurrency activities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

go-ethereum < 1.16.9

References

https://github.com/ethereum/go-ethereum/security/advisori...
x_refsource_CONFIRM
https://github.com/ethereum/go-ethereum/commit/895a8597cb...
x_refsource_MISC
https://github.com/ethereum/go-ethereum/releases/tag/v1.16.9
x_refsource_MISC

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.