Cyber Posture

CVE-2026-22868

High

Published: 13 January 2026

Published
13 January 2026
Modified
29 January 2026
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0004 13.1th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-22868 is a high-severity Improper Input Validation (CWE-20) vulnerability in Ethereum Go Ethereum. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 13.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004).
Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

PM-14 Testing, Training, and Monitoring
addresses: CWE-20

Security testing and developer training directly verify and enforce proper input validation, reducing exploitability of injection and malformed-data weaknesses.

SA-11 Developer Testing and Evaluation
addresses: CWE-20

Security testing and evaluation at multiple SDLC stages directly detects missing or flawed input validation, with the required remediation process ensuring fixes are applied.

SI-10 Information Input Validation
addresses: CWE-20

Directly implements checks on information inputs to reject invalid data before processing.

SI-8 Spam Protection
addresses: CWE-20

Spam protection mechanisms perform filtering and detection on inbound/outbound messages, directly compensating for missing or weak input validation of unsolicited content.

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
attack.mitre.org →
Why these techniques?

Remote crafted message exploits improper input validation in public-facing geth node, directly enabling application-layer DoS via exploitation (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.16.8.

Deeper analysisAI

CVE-2026-22868 affects go-ethereum (geth), a Golang implementation of the Ethereum protocol's execution layer. The vulnerability enables a specially crafted message to force a vulnerable node to shut down or crash, stemming from improper input validation (CWE-20). It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting high-impact availability disruption with no confidentiality or integrity effects.

Any network-accessible attacker can exploit this without privileges, user interaction, or elevated complexity by sending the malicious message to a vulnerable geth node, resulting in denial-of-service through node shutdown or crash.

The vulnerability is fixed in go-ethereum version 1.16.8. For mitigation details, refer to the patching commit at https://github.com/ethereum/go-ethereum/commit/abeb78c647e354ed922726a1d719ac7bc64a07e2 and the security advisory at https://github.com/ethereum/go-ethereum/security/advisories/GHSA-mq3p-rrmp-79jg.

Details

CWE(s)
CWE-20

Affected Products

ethereum
go ethereum
≤ 1.16.8

CVEs Like This One

CVE-2026-22862Same product: Ethereum Go Ethereum
CVE-2026-26314Same product: Ethereum Go Ethereum
CVE-2026-26313Same product: Ethereum Go Ethereum
CVE-2026-26315Same product: Ethereum Go Ethereum
CVE-2026-27623Shared CWE-20
CVE-2025-61614Shared CWE-20
CVE-2025-69278Shared CWE-20
CVE-2026-28894Shared CWE-20
CVE-2025-57835Shared CWE-20
CVE-2025-26702Shared CWE-20

References