What is the CVSS score of CVE-2026-26313?

CVE-2026-26313 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Golang are affected by CVE-2026-26313?

Go Ethereum versions through 1.17.0 contain a resource exhaustion vulnerability that could allow attackers to consume excessive system resources, potentially disrupting blockchain operations and…. A patch is available.

Golang CVE-2026-26313

HIGH

Allocation of Resources Without Limits or Throttling (CWE-770)

2026-02-19 security-advisories@github.com

GHSA-689v-6xwf-5jf3

Golang Go Ethereum Suse

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 22:03 vuln.today

CVE Published

Feb 19, 2026 - 21:18 nvd

HIGH 7.5

DescriptionNVD

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.17.0, an attacker can cause high memory usage by sending a specially-crafted p2p message. The issue is resolved in the v1.17.0 release.

AnalysisAI

Go Ethereum versions up to 1.17.0 is affected by allocation of resources without limits or throttling (CVSS 7.5).

RemediationAI

Within 24 hours: Inventory all systems running Go Ethereum versions up to 1.17.0 and assess exposure in production environments. Within 7 days: Implement network segmentation to restrict untrusted access to affected Ethereum nodes and enable resource monitoring/alerting for CPU and memory anomalies. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

CVE-2026-26313 vulnerability details – vuln.today

Back

Golang CVE-2026-26313

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code