Home > Vulnerability Database > CVE-2026-26314

Mend.io Vulnerability Database

CVE-2026-26314

Good to know:

Date: February 18, 2026

Impact A vulnerable node can be forced to shutdown/crash using a specially crafted message. More details to be released later. Patches The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth. Credit This issue was reported to the Ethereum Foundation Bug Bounty Program by Waleed Ahmed from vulsight.com

Severity Score

7.5

Related Resources (6)

Url: https://github.com/ethereum/go-ethereum/commit/895a8597cb16c02203e38707ed2d1da5c500fe60

Url: https://github.com/ethereum/go-ethereum/releases/tag/v1.16.9

Url: https://github.com/ethereum/go-ethereum/security/advisories/GHSA-2gjw-fg97-vg3r

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-26314

Url: https://github.com/ethereum/go-ethereum

Url: https://www.mend.io/vulnerability-database/CVE-2026-26314

Severity Score

7.5

Weakness Type (CWE)

Improper Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version github.com/ethereum/go-ethereum - v1.16.9;https://github.com/ethereum/go-ethereum.git - v1.16.9

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2026-26314

Good to know:

Date: February 18, 2026

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?