go-ethereum ECIES Cryptography Vulnerability Leading to Node Key Exposure

Vulnerability

A vulnerability in the ECIES cryptography implementation of go-ethereum (Geth) versions through 1.16.8 allows attackers to extract bits of the p2p node key. This issue is resolved in Geth versions 1.16.9 and 1.17.0. After upgrading, Geth maintainers recommend rotating the node key by removing the nodekey file from the data directory before restarting Geth.

Impact

Exploitation of this vulnerability could lead to unauthorized extraction of the p2p node key, potentially allowing for impersonation of the node in the peer-to-peer network.

Remediation

Users should upgrade to Geth version 1.16.9 or 1.17.0, then rotate the node key by removing the nodekey file from the data directory before restarting Geth.
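The remediation steps above as a small shell helper. This is an added example, not code from the go-ethereum project or from this advisory. It assumes the key sits at `<datadir>/geth/nodekey` (Geth's default layout); the function names `is_patched` and `rotate_nodekey` are hypothetical.

```shell
#!/bin/sh
# Added example: gate node key removal on the fixed versions named in the advisory.

# is_patched VERSION: succeeds if VERSION is 1.16.9 or later.
# VERSION is the value on the "Version:" line of `geth version`,
# for example "1.16.8-stable".
is_patched() {
    ver=${1#v}       # tolerate a leading "v"
    ver=${ver%%-*}   # drop a suffix such as "-stable"
    IFS=. read -r maj min pat <<EOF
$ver
EOF
    for part in "$maj" "$min" "$pat"; do
        case "$part" in
            ''|*[!0-9]*) echo "unparseable version: $1" >&2; return 2 ;;
        esac
    done
    [ "$maj" -gt 1 ] && return 0
    [ "$maj" -lt 1 ] && return 1
    [ "$min" -gt 16 ] && return 0
    [ "$min" -lt 16 ] && return 1
    [ "$pat" -ge 9 ]
}

# rotate_nodekey DATADIR VERSION: removes DATADIR/geth/nodekey, but only when
# VERSION is patched. Rotating before the upgrade would leave the new key
# exposed to the same flaw. Run it after upgrading and before restarting Geth.
rotate_nodekey() {
    key="$1/geth/nodekey"   # assumed default location inside the data directory
    if ! is_patched "$2"; then
        echo "Geth $2 is not patched; upgrade to 1.16.9 or 1.17.0 first" >&2
        return 1
    fi
    if [ ! -f "$key" ]; then
        echo "no node key at $key; nothing to remove" >&2
        return 0
    fi
    rm -f -- "$key" && echo "removed $key; Geth creates a new key on next start"
}

# Example call (data directory path is an assumption, adjust to your node):
# rotate_nodekey "$HOME/.ethereum" "$(geth version | awk '/^Version:/ {print $2}')"
```

Peers and tooling that reference the node by its enode URL or static-peer entry need the new identity after the restart, since the enode ID is derived from this key.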

Added: Feb 19, 2026, 10:20 PM
Updated: Feb 19, 2026, 10:20 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 2.5
exploitability: 7.2
remediation: 8.3
relevance: 3.2
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.