Platform
other
Component
chia-rpc-auth-bypass
Fixed in
2.1.1
CVE-2026-3194 describes a vulnerability in Chia Blockchain version 2.1.0. The flaw is a missing authentication check in the RPC Server Master Passphrase Handler, specifically the sendtransaction/getprivate_key function. Successful exploitation could lead to unauthorized access to key material and compromise of the blockchain node. The vendor has been notified, and a public exploit is available.
The core impact of CVE-2026-3194 is unauthorized access to private keys. An attacker with local access to a Chia Blockchain node running version 2.1.0 can reach the RPC handler without authenticating and retrieve private keys, which would allow them to forge transactions or steal funds. The local-access requirement limits the immediate scope, but it makes the issue significantly more dangerous on systems where local access is readily available, such as already-compromised servers, shared hosts, or developer workstations. The vendor considers this 'by design', treating host security as the operator's responsibility, but an RPC endpoint that hands out private keys without any authentication check is still a clear attack vector once any local foothold exists.
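To make the missing-check pattern concrete, the following added example shows a minimal RPC dispatcher that returns a private key without ever confirming the master passphrase, beside a hardened dispatcher that gates every key-touching method behind a verified unlock. This is illustrative code written for this page; it is not Chia's RPC server, and the method names, the keystore layout, the PBKDF2 passphrase hashing and the sample key are all assumptions chosen to show the pattern.

```python
"""Missing-authentication-check pattern in an RPC handler, vulnerable and
hardened versions. Hypothetical illustration, not Chia's code."""
import hashlib
import hmac
import os
from dataclasses import dataclass

PBKDF2_ROUNDS = 100_000  # assumed parameter for the illustration


@dataclass
class KeyStore:
    """Constructed sample keystore. The passphrase hash stands in for whatever
    the real wallet stores; the 'private key' value is a placeholder."""
    salt: bytes
    passphrase_hash: bytes
    private_keys: dict
    unlocked: bool = False


def make_keystore(passphrase: str) -> KeyStore:
    salt = os.urandom(16)
    h = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, PBKDF2_ROUNDS)
    return KeyStore(salt=salt, passphrase_hash=h,
                    private_keys={"fp-1234": "CONSTRUCTED-SECRET-KEY"})


def verify_passphrase(ks: KeyStore, candidate: str) -> bool:
    h = hashlib.pbkdf2_hmac("sha256", candidate.encode(), ks.salt, PBKDF2_ROUNDS)
    # constant-time compare so a wrong passphrase cannot be timed byte by byte
    return hmac.compare_digest(h, ks.passphrase_hash)


# --- vulnerable dispatcher: the pattern the advisory describes ---
def vulnerable_dispatch(ks: KeyStore, request: dict) -> dict:
    method = request.get("method")
    if method == "get_private_key":
        # No check that the caller ever supplied the master passphrase:
        # any local client that can reach the socket receives the key.
        return {"success": True,
                "private_key": ks.private_keys[request["fingerprint"]]}
    return {"success": False, "error": "unknown method"}


# --- hardened dispatcher: authenticate before touching key material ---
PROTECTED_METHODS = frozenset({"get_private_key"})  # add every key-touching method


def hardened_dispatch(ks: KeyStore, request: dict) -> dict:
    method = request.get("method")
    if method == "unlock":
        if verify_passphrase(ks, request.get("passphrase", "")):
            ks.unlocked = True
            return {"success": True}
        return {"success": False, "error": "bad passphrase"}
    if method in PROTECTED_METHODS and not ks.unlocked:
        # The check runs before the handler body, so a locked keyring can
        # never leak a key regardless of how the request is shaped.
        return {"success": False, "error": "keyring locked"}
    if method == "get_private_key":
        fp = request.get("fingerprint")
        if fp not in ks.private_keys:
            return {"success": False, "error": "unknown fingerprint"}
        return {"success": True, "private_key": ks.private_keys[fp]}
    return {"success": False, "error": "unknown method"}


if __name__ == "__main__":
    ks = make_keystore("correct horse battery staple")
    req = {"method": "get_private_key", "fingerprint": "fp-1234"}
    print("vulnerable:", vulnerable_dispatch(ks, req))
    print("hardened, locked:", hardened_dispatch(ks, req))
    hardened_dispatch(ks, {"method": "unlock", "passphrase": "correct horse battery staple"})
    print("hardened, unlocked:", hardened_dispatch(ks, req))
```

Note what the hardened version does and does not fix: once the keyring is unlocked, the unlock state belongs to the process, so any other local client that can reach the socket still gets the key. That is exactly why the advisory's advice to restrict local access to the RPC server remains necessary even on a patched node; per-session tokens or per-request passphrase checks would narrow that window further.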
CVE-2026-3194 has a public proof-of-concept available, which raises the likelihood of exploitation. The vulnerability was disclosed on 2026-02-25. The vendor rejected the bug bounty report as 'by design', indicating a deliberate architectural choice that leaves local RPC security to the host. The vulnerability is not listed on CISA KEV as of this writing.
Chia Blockchain node operators running version 2.1.0 are at risk. This includes individuals and organizations involved in cryptocurrency farming, blockchain development, and anyone hosting Chia Blockchain nodes on servers or developer workstations where local access is not strictly controlled.
Disclosure
Exploit status
EPSS
0.05% (15th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-3194 is to upgrade to Chia Blockchain 2.1.1 or later, the version listed above as containing the fix; confirm the release against the official Chia Blockchain channels before deploying it. Until the upgrade is in place, restrict local access to the node to trusted users and processes: run the node under a dedicated account, keep the RPC endpoint and its certificate material readable only by that account, and avoid running it on shared or multi-user hosts. Apply the usual host-based controls (strong credentials, multi-factor authentication for interactive access, regular audits) and consider containerization or virtualization to isolate the node from the host so that a local foothold elsewhere on the machine does not automatically reach the RPC server.
Update to 2.1.1 or later, or put additional safeguards around local access to the RPC server. Because the vendor treats host security as the operator's responsibility, it is strongly recommended to restrict local access to the RPC server and to monitor for suspicious activity, in particular unexpected local clients connecting to the RPC endpoint or unexpected requests for key material.
CVE-2026-3194 is a medium severity vulnerability in Chia Blockchain 2.1.0 where a missing authentication check in the RPC Server Master Passphrase Handler allows a local attacker to retrieve private keys without authenticating.
If you are running Chia Blockchain version 2.1.0, you are affected by this vulnerability. Plan an upgrade and follow the official Chia Blockchain channels for release details.
The recommended fix is to upgrade to Chia Blockchain 2.1.1 or later, the version listed above as containing the fix. Check the official Chia Blockchain channels for the latest release.
A public proof-of-concept exists, so active exploitation on hosts with uncontrolled local access is plausible. Monitor your systems for suspicious local activity around the RPC endpoint.
Refer to the official Chia Blockchain website and security advisories for the most up-to-date information regarding CVE-2026-3194.