go-ethereum Denial-of-Service Vulnerability via Malicious P2P Message

Vulnerability

A denial-of-service vulnerability has been identified in go-ethereum (geth) versions prior to 1.16.9. Affected nodes can be forced to shut down or crash by sending a specially crafted message. This issue has been addressed in the v1.16.9 and v1.17.0 releases of Geth.

Impact

Exploitation of this vulnerability causes the affected node to shut down or crash.

Remediation

Users can upgrade to Geth versions 1.16.9 or 1.17.0 to address this vulnerability. After upgrading, it is recommended to recreate the P2P node key by removing the 'DATADIR/geth/nodekey' file before restarting Geth. Note that this will change the P2P node ID, which may disrupt static peering setups.

Added: Feb 19, 2026, 10:21 PM
Updated: Feb 19, 2026, 10:21 PM

Vulnerability Rating

Custom Algorithm
spread
5.2
impact
2.5
exploitability
9.0
remediation
7.7
relevance
2.0
threat
3.2
urgency
2.9
incentive
8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.