CVE-2020-26265

MEDIUM

Geth <1.9.20 - Consensus Vulnerability

Title source: llm

Description

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade release version 1.9.20. No individual workaround patches have been made -- all users are recommended to upgrade to a newer version.

References (2)

[Third Party Advisory] https://github.com/ethereum/go-ethereum/releases/tag/v1.9.20

[Third Party Advisory] https://github.com/ethereum/go-ethereum/security/advisories/GHSA-xw37-57qp-9mm4

Scores

CVSS v3 5.3

EPSS 0.0027

EPSS Percentile 49.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-682

Status published

Affected Products (2)

ethereum/go_ethereum < 1.9.20

ethereum/go-ethereum < 1.9.20Go

Timeline

Published Dec 11, 2020

Tracked Since Feb 18, 2026