CVE-2026-3193

A vulnerability was detected in Chia Blockchain 2.1.0. It affects an unknown function of the file /send_transaction. The manipulation results in cross-site request forgery. The attack can be performed remotely. The attack requires a high level of complexity, and exploitability is considered difficult. The exploit is now public and may be used. The vendor was informed early via email. A separate report via bug bounty was rejected with the reason "This is by design. The user is responsible for host security".
References
Link Resource
https://github.com/Danimlzg/chia-rpc-auth-bypass.git Exploit Third Party Advisory
https://vuldb.com/?ctiid.347749 Permissions Required VDB Entry
https://vuldb.com/?id.347749 Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:chia:blockchain:2.1.0:*:*:*:*:*:*:*

History

29 Apr 2026, 01:00

Type Values Removed Values Added
Summary
  • (es) A vulnerability was detected in Chia Blockchain 2.1.0. Affected is an unknown function of the file /send_transaction. The manipulation results in cross-site request forgery. The attack can be carried out remotely. The attack requires a high level of complexity. Exploitability is considered difficult. The exploit is now public and can be used. The vendor was informed early via email. A separate report via bug bounty was rejected with the reason 'This is by design. The user is responsible for host security'.

05 Mar 2026, 00:59

Type Values Removed Values Added
CPE cpe:2.3:a:chia:blockchain:2.1.0:*:*:*:*:*:*:*
First Time Chia
Chia blockchain
References () https://github.com/Danimlzg/chia-rpc-auth-bypass.git - () https://github.com/Danimlzg/chia-rpc-auth-bypass.git - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.347749 - () https://vuldb.com/?ctiid.347749 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.347749 - () https://vuldb.com/?id.347749 - Third Party Advisory, VDB Entry

25 Feb 2026, 17:25

Type Values Removed Values Added
New CVE

Information

Published : 2026-02-25 17:25

Updated : 2026-04-29 01:00


NVD link : CVE-2026-3193

Mitre link : CVE-2026-3193

CVE.ORG link : CVE-2026-3193



Products Affected

chia

  • blockchain
CWE
CWE-352

Cross-Site Request Forgery (CSRF)

CWE-862

Missing Authorization