CVE-2026-26315
Published: 19 February 2026
Summary
CVE-2026-26315 is a medium-severity Observable Discrepancy (CWE-203) vulnerability in Ethereum Go Ethereum. Its CVSS base score is 6.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 8.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-12 (Cryptographic Key Establishment and Management) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-26315 is a cryptographic vulnerability in go-ethereum (Geth), a Golang implementation of the Ethereum protocol's execution layer. Prior to version 1.16.9, a flaw in the ECIES cryptography implementation allows an attacker to extract bits of the p2p node key. The issue carries a CVSS score of 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and maps to CWE-203 (Observable Discrepancy).
Remote attackers with network access to a vulnerable Geth node can exploit this flaw without authentication, privileges, or user interaction. Exploitation enables partial recovery of the p2p node key bits, leading to high confidentiality impact by potentially undermining the security of peer-to-peer communications.
The vulnerability is resolved in Geth releases v1.16.9 and v1.17.0. Geth maintainers recommend rotating the node key after upgrading by removing the file `<datadir>/geth/nodekey` before restarting the software. Additional details are available in the GitHub Security Advisory at https://github.com/ethereum/go-ethereum/security/advisories/GHSA-m6j8-rg6r-7mv8.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-8436
Vulnerability details
go-ethereum (Geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is…
more
resolved in the v1.16.9 and v1.17.0 releases of Geth. Geth maintainers recommend rotating the node key after applying the upgrade, which can be done by removing the file `<datadir>/geth/nodekey` before starting Geth.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated exploitation of exposed Geth P2P node via ECIES flaw directly enables T1190 (Exploit Public-Facing Application) and T1212 (Exploitation for Credential Access) to recover node private key bits.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires timely identification, reporting, and correction of the ECIES cryptographic flaw in Geth by upgrading to v1.16.9 or later, directly preventing exploitation.
Mandates establishment and management of cryptographic keys, including rotation of the potentially compromised p2p node key as recommended by Geth maintainers post-upgrade.
Implements cryptographic mechanisms to protect confidentiality of P2P communications, mitigating risks from flawed ECIES implementation through validated crypto use.