What is the CVSS score of CVE-2026-22868?

CVE-2026-22868 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Golang are affected by CVE-2026-22868?

CVE-2026-22868 presents notable security risk, a input validation vulnerability rated CVSS 7.5. Exploitation could compromise the security of affected deployments.. A patch is available.

Golang CVE-2026-22868

HIGH

Improper Input Validation (CWE-20)

2026-01-13 security-advisories@github.com

GHSA-mq3p-rrmp-79jg

Denial Of Service Golang Go Ethereum Suse

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

Patch released

Jan 29, 2026 - 18:04 nvd

Patch available

CVE Published

Jan 13, 2026 - 21:15 nvd

HIGH 7.5

DescriptionNVD

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.16.8.

AnalysisAI

Go Ethereum (geth) nodes can be remotely crashed through maliciously crafted network messages, causing denial of service to affected network participants. An unauthenticated attacker on the network can exploit this vulnerability without user interaction to force vulnerable nodes offline. …

RemediationAI

Within 7 days: Identify all affected systems and apply vendor patches promptly. Vendor patch is available.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

CVE-2026-22868 vulnerability details – vuln.today

Back

Golang CVE-2026-22868

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code