CVE-2026-26315

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-26315

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-26315.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-26315

Aliases

Downstream

SUSE-SU-2026:0757-1

Related

SUSE-SU-2026:0757-1

Published

2026-02-19T21:22:41.188Z

Modified

2026-03-04T22:28:59.010959Z

Severity

6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake

Details

go-ethereum (Geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth. Geth maintainers recommend rotating the node key after applying the upgrade, which can be done by removing the file <datadir>/geth/nodekey before starting Geth.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-203"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/26xxx/CVE-2026-26315.json"
}

References

Affected packages

Git / github.com/ethereum/go-ethereum

Affected ranges

Type: GIT
Repo: https://github.com/ethereum/go-ethereum
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

95665d5703e1023995a0ff93e4ce9eb77e8a59bd

Affected versions

0.*

0.2.2

0.3.0

0.3.1

0.5.13

0.5.14

0.5.15

0.5.16

0.5.17

0.5.18

0.5.19

0.9.16

0.9.23

Other

PoC6

poc1

poc5-rc1

poc5-rc10

poc5-rc11

poc5-rc12

poc5-rc2

poc5-rc3

poc5-rc4

poc5-rc6

poc5-rc7

poc5-rc8

poc5-rc9

v0.*

v0.6.0

v0.6.3

v0.6.4

v0.6.5

v0.6.5-1

v0.6.5-2

v0.6.6

v0.6.7

v0.6.8

v0.7.10

v0.7.10-broken

v0.7.11

v0.8.4

v0.8.4-1

v0.8.5

v0.8.5-2

v0.9.17

v0.9.18

v0.9.20

v0.9.21

v0.9.21.1

v0.9.22

v0.9.23

v0.9.24

v0.9.25

v0.9.26

v0.9.28

v0.9.30

v0.9.32

v0.9.34

v0.9.34-1

v0.9.36

v0.9.38

v0.9.39

v1.*

v1.0.1

v1.10.0

v1.10.1

v1.10.10

v1.10.11

v1.10.12

v1.10.13

v1.10.14

v1.10.15

v1.10.16

v1.10.17

v1.10.18

v1.10.19

v1.10.2

v1.10.20

v1.10.21

v1.10.22

v1.10.23

v1.10.3

v1.10.4

v1.10.5

v1.10.6

v1.10.7

v1.10.8

v1.10.9

v1.11.0

v1.11.1

v1.11.2

v1.11.3

v1.11.4

v1.11.5

v1.11.6

v1.12.0

v1.12.1

v1.13.0

v1.13.1

v1.13.2

v1.13.3

v1.13.4

v1.14.0

v1.14.2

v1.14.3

v1.14.4

v1.14.5

v1.15.0

v1.15.1

v1.15.10

v1.15.11

v1.15.2

v1.15.3

v1.15.4

v1.15.5

v1.15.6

v1.15.7

v1.15.8

v1.15.9

v1.16.0

v1.16.1

v1.16.2

v1.16.3

v1.16.4

v1.16.5

v1.16.6

v1.16.7

v1.16.8

v1.5.0

v1.5.1

v1.5.2

v1.5.3

v1.5.4

v1.5.5

v1.5.6

v1.5.7

v1.5.8

v1.5.9

v1.6.0

v1.6.1

v1.6.2

v1.6.3

v1.6.4

v1.6.5

v1.6.6

v1.6.7

v1.7.0

v1.7.1

v1.7.2

v1.7.3

v1.8.0

v1.8.1

v1.8.10

v1.8.11

v1.8.12

v1.8.13

v1.8.14

v1.8.15

v1.8.16

v1.8.17

v1.8.18

v1.8.19

v1.8.2

v1.8.20

v1.8.21

v1.8.3

v1.8.4

v1.8.5

v1.8.6

v1.8.7

v1.8.8

v1.8.9

v1.9.0

v1.9.1

v1.9.10

v1.9.11

v1.9.12

v1.9.13

v1.9.14

v1.9.15

v1.9.16

v1.9.17

v1.9.18

v1.9.19

v1.9.2

v1.9.20

v1.9.21

v1.9.22

v1.9.23

v1.9.24

v1.9.25

v1.9.3

v1.9.4

v1.9.5

v1.9.6

v1.9.7

v1.9.8

v1.9.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-26315.json"