Chia Blockchain 2.1.0 Allows Remote Attackers to Authenticate Improperly
CVE-2026-3192
Summary
An improper-authentication weakness in the RPC Credential Handler of Chia Blockchain 2.1.0 (the _authenticate function in rpc_server_base.py) can let a remote attacker access the system without proper permission. Update as soon as a fixed version is released; none is listed yet.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| chia | blockchain | 2.1.0 | – |
Original description
A security vulnerability has been detected in Chia Blockchain 2.1.0. This issue affects the function _authenticate of the file rpc_server_base.py of the component RPC Credential Handler. The manipulation leads to improper authentication. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit has been disclosed publicly and may be used. The vendor was informed early via email. A separate report via bugbounty was rejected with the reason "This is by design. The user is responsible for host security".
CVSS scores
| Source | CVSS version | Score |
|---|---|---|
| nvd | 2.0 | 5.1 |
| nvd | 3.1 | 8.1 |
| nvd | 4.0 | 6.3 |
Vulnerability type
- CWE-287: Improper Authentication
- CWE-306: Missing Authentication for Critical Function
References
- https://github.com/Danimlzg/chia-rpc-auth-bypass.git (Exploit, Third Party Advisory)
- https://vuldb.com/?ctiid.347748 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.347748 (Third Party Advisory, VDB Entry)
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026