CVE-2026-26315

Name of the Vulnerable Software and Affected Versions go-ethereum (Geth) versions prior to 1.16.9 go-ethereum (Geth) version 1.17.0

Description A flaw exists in the ECIES cryptography implementation within go-ethereum (Geth) that could allow an attacker to extract bits of the p2p node key. The issue is related to the cryptographic process used for secure communication between nodes in the Ethereum network.

Recommendations Versions prior to 1.16.9 should be upgraded to version 1.16.9 or 1.17.0. After upgrading, rotate the node key by removing the file <datadir>/geth/nodekey before starting Geth.