CVE-2026-22862: go-ethereum is vulnerable to DoS via malicious p2p message affecting a vulnerable node

January 13, 2026

Impact

A vulnerable node can be forced to shutdown/crash using a specially crafted message. More details to be released later.

Credit

This issue was reported to the Ethereum Foundation Bug Bounty Program by DELENE TCHIO ROMUALD.

References

github.com/advisories/GHSA-mr7q-c9w9-wh4h
github.com/ethereum/go-ethereum
github.com/ethereum/go-ethereum/commit/abeb78c647e354ed922726a1d719ac7bc64a07e2
github.com/ethereum/go-ethereum/security/advisories/GHSA-mr7q-c9w9-wh4h
nvd.nist.gov/vuln/detail/CVE-2026-22862

Code Behaviors & Features

Detect and mitigate CVE-2026-22862 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →