Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.9
Go Ethereum: Malicious Message Can Cause High Memory Usage
CVE-2026-26313
GHSA-689v-6xwf-5jf3
Summary
A malicious message sent to Go Ethereum can cause a device to run out of memory, making it unavailable. This issue affects users of Go Ethereum and can be fixed by updating to version 1.17.0. To protect your system, apply the latest update as soon as possible.
What to do
- Update github.com ethereum to version 1.17.0.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| github.com | ethereum | <= 1.17.0 | 1.17.0 |
| ethereum | go_ethereum | <= 1.17.0 | – |
Original title
Go Ethereum affected by DoS via malicious p2p message
Original description
### Impact
An attacker can cause high memory usage by sending a specially-crafted p2p message.
More details to be released later.
### Patches
The issue is resolved in the v1.17.0 release.
### Credit
This issue was reported to the Ethereum Foundation Bug Bounty Program by @revofusion
An attacker can cause high memory usage by sending a specially-crafted p2p message.
More details to be released later.
### Patches
The issue is resolved in the v1.17.0 release.
### Credit
This issue was reported to the Ethereum Foundation Bug Bounty Program by @revofusion
nvd CVSS3.1
7.5
nvd CVSS4.0
6.9
Vulnerability type
CWE-770
Allocation of Resources Without Limits
- https://nvd.nist.gov/vuln/detail/CVE-2026-26313
- https://pkg.go.dev/vuln/GO-2026-4508
- https://github.com/advisories/GHSA-689v-6xwf-5jf3
- https://github.com/ethereum/go-ethereum/releases/tag/v1.17.0 Release Notes
- https://github.com/ethereum/go-ethereum/security/advisories/GHSA-689v-6xwf-5jf3 Vendor Advisory
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026