CVE-2026-22868: go-ethereum is vulnerable to high CPU usage leading to DoS via malicious p2p message

January 13, 2026

Impact

An attacker can cause high CPU usage by sending a specially crafted p2p message. More details to be released later.

Credit

This issue was reported to the Ethereum Foundation Bug Bounty Program by @Yenya030

References

github.com/advisories/GHSA-mq3p-rrmp-79jg
github.com/ethereum/go-ethereum
github.com/ethereum/go-ethereum/commit/abeb78c647e354ed922726a1d719ac7bc64a07e2
github.com/ethereum/go-ethereum/security/advisories/GHSA-mq3p-rrmp-79jg
nvd.nist.gov/vuln/detail/CVE-2026-22868

Code Behaviors & Features

Detect and mitigate CVE-2026-22868 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →