CVE-2026-26315
Published: 19 February 2026
Summary
CVE-2026-26315 is a high-severity Observable Discrepancy (CWE-203) vulnerability in Ethereum Go Ethereum. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 8.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Misdirection can normalize or falsify responses to eliminate observable discrepancies that aid reconnaissance.
Observable discrepancies in system behavior can be modulated to create covert storage or timing channels; the required analysis detects and constrains such avenues.
Prevents attackers from using observable differences in error responses to infer internal system details or state.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated exploitation of exposed Geth P2P node via ECIES flaw directly enables T1190 (Exploit Public-Facing Application) and T1212 (Exploitation for Credential Access) to recover node private key bits.
NVD Description
go-ethereum (Geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is…
more
resolved in the v1.16.9 and v1.17.0 releases of Geth. Geth maintainers recommend rotating the node key after applying the upgrade, which can be done by removing the file `<datadir>/geth/nodekey` before starting Geth.
Deeper analysisAI
CVE-2026-26315 is a cryptographic vulnerability in go-ethereum (Geth), a Golang implementation of the Ethereum protocol's execution layer. Prior to version 1.16.9, a flaw in the ECIES cryptography implementation allows an attacker to extract bits of the p2p node key. The issue carries a CVSS score of 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and maps to CWE-203 (Observable Discrepancy).
Remote attackers with network access to a vulnerable Geth node can exploit this flaw without authentication, privileges, or user interaction. Exploitation enables partial recovery of the p2p node key bits, leading to high confidentiality impact by potentially undermining the security of peer-to-peer communications.
The vulnerability is resolved in Geth releases v1.16.9 and v1.17.0. Geth maintainers recommend rotating the node key after upgrading by removing the file `<datadir>/geth/nodekey` before restarting the software. Additional details are available in the GitHub Security Advisory at https://github.com/ethereum/go-ethereum/security/advisories/GHSA-m6j8-rg6r-7mv8.
Details
- CWE(s)