Chia Blockchain 2.1.0 allows attackers to trick users into making unauthorized transactions
CVE-2026-3193
Summary
A cross-site request forgery (CSRF) weakness in the /send_transaction endpoint of Chia Blockchain 2.1.0 makes it possible for a malicious website to trick users into making unwanted transactions from their account. This is a serious issue because it could result in unauthorized transactions. To protect yourself, ensure you're using the latest version of Chia Blockchain and be cautious when clicking on links or interacting with unfamiliar websites.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| chia | blockchain | 2.1.0 | – |
Original title
A vulnerability was detected in Chia Blockchain 2.1.0. Impacted is an unknown function of the file /send_transaction. The manipulation results in cross-site request forgery. The attack may be perfo...
Original description
A vulnerability was detected in Chia Blockchain 2.1.0. Impacted is an unknown function of the file /send_transaction. The manipulation results in cross-site request forgery. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit is now public and may be used. The vendor was informed early via email. A separate report via bugbounty was rejected with the reason "This is by design. The user is responsible for host security".
NVD CVSS 2.0: 2.6
NVD CVSS 3.1: 3.1
NVD CVSS 4.0: 2.3
Vulnerability type
- CWE-352: Cross-Site Request Forgery (CSRF)
- CWE-862: Missing Authorization
- https://github.com/Danimlzg/chia-rpc-auth-bypass.git (Exploit, Third Party Advisory)
- https://vuldb.com/?ctiid.347749 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.347749 (Third Party Advisory, VDB Entry)
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026