{"id":"CVE-2020-26265","details":"Go Ethereum, or \"Geth\", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade release version 1.9.20. No individual workaround patches have been made -- all users are recommended to upgrade to a newer version.","aliases":["GHSA-xw37-57qp-9mm4","GO-2021-0105"],"modified":"2026-05-30T15:45:57.952276Z","published":"2020-12-11T17:15:12.870Z","references":[{"type":"ADVISORY","url":"https://github.com/ethereum/go-ethereum/releases/tag/v1.9.20"},{"type":"ADVISORY","url":"https://github.com/ethereum/go-ethereum/security/advisories/GHSA-xw37-57qp-9mm4"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ethereum/go-ethereum","events":[{"introduced":"46891c12ab54c9e179f26378ce618fd48460190c"},{"fixed":"979fc96899c77876e15807005eadd936da17b6c2"}],"database_specific":{"extracted_events":[{"introduced":"1.9.4"},{"fixed":"1.9.20"}],"cpe":"cpe:2.3:a:ethereum:go_ethereum:*:*:*:*:*:*:*:*","source":["CPE_RANGE","REFERENCES"]}}],"versions":["v1.9.19","v1.9.18","v1.9.17","v1.9.16","v1.9.15","v1.9.14","v1.9.13","v1.9.12","v1.9.11","v1.9.10","v1.9.9","v1.9.8","v1.9.7","v1.9.6","v1.9.5","v1.9.4"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-26265.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}