CVE-2026-3192

A security vulnerability has been detected in Chia Blockchain 2.1.0. This issue affects the function _authenticate of the file rpc_server_base.py of the component RPC Credential Handler. The manipulation leads to improper authentication. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit has been disclosed publicly and may be used. The vendor was informed early via email. A separate report via bugbounty was rejected with the reason "This is by design. The user is responsible for host security".

CVSS v3 5.6 MEDIUM
CVSS v2.0 5.1 MEDIUM

5.6^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

5.1^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/Danimlzg/chia-rpc-auth-bypass.git	Exploit Third Party Advisory
https://vuldb.com/?ctiid.347748	Permissions Required VDB Entry
https://vuldb.com/?id.347748	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:chia:blockchain:2.1.0:*:*:*:*:*:*:*

History

29 Apr 2026, 01:00

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de seguridad ha sido detectada en Chia Blockchain 2.1.0. Este problema afecta la función _authenticate del archivo rpc_server_base.py del componente Gestor de Credenciales RPC. La manipulación conduce a una autenticación impropia. El ataque es posible de ser llevado a cabo remotamente. El ataque se considera que tiene alta complejidad. La explotabilidad se evalúa como difícil. El exploit ha sido divulgado públicamente y puede ser usado. El proveedor fue informado tempranamente vía correo electrónico. Un informe separado vía bugbounty fue rechazado con la razón 'Esto es por diseño. El usuario es responsable de la seguridad del host'.

05 Mar 2026, 01:02

Type	Values Removed	Values Added
First Time		Chia Chia blockchain
CWE		CWE-306
CPE		cpe:2.3:a:chia:blockchain:2.1.0:::::::*
References	~~() https://github.com/Danimlzg/chia-rpc-auth-bypass.git -~~	() https://github.com/Danimlzg/chia-rpc-auth-bypass.git - Exploit, Third Party Advisory
References	~~() https://vuldb.com/?ctiid.347748 -~~	() https://vuldb.com/?ctiid.347748 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.347748 -~~	() https://vuldb.com/?id.347748 - Third Party Advisory, VDB Entry

25 Feb 2026, 17:25

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-25 17:25

Updated : 2026-04-29 01:00

NVD link : CVE-2026-3192

Mitre link : CVE-2026-3192

CVE.ORG link : CVE-2026-3192

JSON object : View

Products Affected

chia

blockchain

CWE

CWE-287

Improper Authentication

CWE-306

Missing Authentication for Critical Function

5.6 /10