A security vulnerability has been detected in Chia Blockchain 2.1.0. This issue affects the function _authenticate of the file rpc_server_base.py of the component RPC Credential Handler. The manipulation leads to improper authentication. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit has been disclosed publicly and may be used. The vendor was informed early via email. A separate report via bugbounty was rejected with the reason "This is by design. The user is responsible for host security".
References
| Link | Resource |
|---|---|
| https://github.com/Danimlzg/chia-rpc-auth-bypass.git | Exploit Third Party Advisory |
| https://vuldb.com/?ctiid.347748 | Permissions Required VDB Entry |
| https://vuldb.com/?id.347748 | Third Party Advisory VDB Entry |
Configurations
History
05 Mar 2026, 01:02
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Chia
Chia blockchain |
|
| CWE | CWE-306 | |
| CPE | cpe:2.3:a:chia:blockchain:2.1.0:*:*:*:*:*:*:* | |
| References | () https://github.com/Danimlzg/chia-rpc-auth-bypass.git - Exploit, Third Party Advisory | |
| References | () https://vuldb.com/?ctiid.347748 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.347748 - Third Party Advisory, VDB Entry |
25 Feb 2026, 17:25
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-02-25 17:25
Updated : 2026-03-05 01:02
NVD link : CVE-2026-3192
Mitre link : CVE-2026-3192
CVE.ORG link : CVE-2026-3192
JSON object : View
Products Affected
chia
- blockchain