Cyber Resilience

CVE-2026-26315

Medium

Published: 19 February 2026

Published
19 February 2026
Modified
23 February 2026
KEV Added
Patch
CVSS Score v4 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0003 8.6th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-26315 is a medium-severity Observable Discrepancy (CWE-203) vulnerability in Ethereum Go Ethereum. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 8.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-12 (Cryptographic Key Establishment and Management) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-26315 is a cryptographic vulnerability in go-ethereum (Geth), a Golang implementation of the Ethereum protocol's execution layer. Prior to version 1.16.9, a flaw in the ECIES cryptography implementation allows an attacker to extract bits of the p2p node key. The issue carries a CVSS score of 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and maps to CWE-203 (Observable Discrepancy).

Remote attackers with network access to a vulnerable Geth node can exploit this flaw without authentication, privileges, or user interaction. Exploitation enables partial recovery of the p2p node key bits, leading to high confidentiality impact by potentially undermining the security of peer-to-peer communications.

The vulnerability is resolved in Geth releases v1.16.9 and v1.17.0. Geth maintainers recommend rotating the node key after upgrading by removing the file `<datadir>/geth/nodekey` before restarting the software. Additional details are available in the GitHub Security Advisory at https://github.com/ethereum/go-ethereum/security/advisories/GHSA-m6j8-rg6r-7mv8.

EU & UK References

Vulnerability details

go-ethereum (Geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is…

more

resolved in the v1.16.9 and v1.17.0 releases of Geth. Geth maintainers recommend rotating the node key after applying the upgrade, which can be done by removing the file `<datadir>/geth/nodekey` before starting Geth.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1212 Exploitation for Credential Access Credential Access
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.
Why these techniques?

Remote unauthenticated exploitation of exposed Geth P2P node via ECIES flaw directly enables T1190 (Exploit Public-Facing Application) and T1212 (Exploitation for Credential Access) to recover node private key bits.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-26314Same product: Ethereum Go Ethereum
CVE-2026-22868Same product: Ethereum Go Ethereum
CVE-2026-22862Same product: Ethereum Go Ethereum
CVE-2026-26313Same product: Ethereum Go Ethereum
CVE-2025-21510Shared CWE-203
CVE-2024-41335Shared CWE-203
CVE-2025-1468Shared CWE-203
CVE-2019-25337Shared CWE-203
CVE-2024-54767Shared CWE-203
CVE-2017-5753Shared CWE-203

Affected Assets

ethereum
go ethereum
≤ 1.16.9

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely identification, reporting, and correction of the ECIES cryptographic flaw in Geth by upgrading to v1.16.9 or later, directly preventing exploitation.

recover

Mandates establishment and management of cryptographic keys, including rotation of the potentially compromised p2p node key as recommended by Geth maintainers post-upgrade.

prevent

Implements cryptographic mechanisms to protect confidentiality of P2P communications, mitigating risks from flawed ECIES implementation through validated crypto use.

References