Platform
python
Component
chia-rpc-auth-bypass
Fixed in
2.1.1
A security vulnerability has been identified in Chia Blockchain version 2.1.0, specifically within the RPC Credential Handler component. The flaw is an improper-authentication issue: an attacker who can reach the RPC interface can manipulate the authentication step and potentially gain unauthorized access. It affects Chia Blockchain 2.1.0 and is exploitable over the network. Mitigation strategies are available while a fix is pending.
The vulnerability lies in the authenticate function of rpcserver_base.py, which lets an attacker bypass the authentication check. Successful exploitation could grant unauthorized access to the Chia Blockchain node's RPC interface, potentially allowing the attacker to control the node, move funds from its wallet, or disrupt operations. The high attack complexity suggests that exploitation requires specific knowledge of the system and probably crafted input to get past the authentication check. The vendor considers the behavior to be by design, but the potential for misuse remains a significant concern.
This vulnerability was publicly disclosed on 2026-02-25. A proof-of-concept exploit is available, indicating a moderate risk of exploitation. The vendor was notified ahead of disclosure but rejected the bug bounty report, citing the behavior as intentional. The vulnerability is not currently listed on CISA KEV, but its public disclosure and the available exploit warrant close monitoring.
Exploit Status
EPSS
0.24% (47th percentile)
CISA SSVC
CVSS Vector
Because no direct patch is available, mitigation focuses on hardening the host environment. Implement firewall rules that restrict access to the Chia Blockchain RPC ports to the hosts that genuinely need them, ideally loopback only. Regularly review and update access control lists to minimize the attack surface. Require multi-factor authentication (MFA) for administrative logins to the machine running the node. Monitor system logs for suspicious activity related to RPC authentication attempts. No formal detection signature is available, so watch for RPC requests from unexpected source addresses and for repeated authentication failures.
Update Chia Blockchain to 2.1.1 or later. If updating is not possible, review the RPC authentication configuration: confirm that the RPC servers are bound to a loopback address rather than a public interface and that they still require the mutual-TLS client certificates Chia uses for RPC authentication.
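The two checks the mitigation above asks for, written out as an added example; this is not Chia project code, and the config key names (self_hostname, rpc_port, ssl.private_crt / ssl.private_key), the default RPC ports and the log line format are assumptions made for the example rather than details taken from this page. audit_rpc_exposure() flags RPC services that are reachable beyond loopback or have no mTLS key material configured, and scan_rpc_log() flags remote RPC callers and sources with repeated authentication failures over constructed sample lines.

```python
# Added example (not Chia project code): audit which Chia RPC endpoints are
# reachable beyond loopback and scan RPC logs for authentication failures.
# Config key names, default ports and the log line format below are
# assumptions for this example; adapt the regex to what your node emits.
import ipaddress
import re
from collections import defaultdict

# Assumed default RPC ports of the main Chia services.
DEFAULT_RPC_PORTS = {"full_node": 8555, "wallet": 9256, "farmer": 8559, "harvester": 8560}


def is_loopback(host: str) -> bool:
    """True for 'localhost' or any loopback IP literal (127.0.0.0/8, ::1)."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname is treated as potentially remote


def audit_rpc_exposure(config: dict) -> list:
    """One finding per RPC service that is bound to a non-loopback address or
    lacks an mTLS certificate/key entry. `config` is the parsed config.yaml
    subset; key names are assumed for this example."""
    findings = []
    bind_host = str(config.get("self_hostname", "localhost"))
    for service, default_port in DEFAULT_RPC_PORTS.items():
        section = config.get(service) or {}
        port = int(section.get("rpc_port", default_port))
        if not is_loopback(bind_host):
            findings.append(f"{service}: RPC port {port} bound to {bind_host}, reachable from the network")
        ssl = section.get("ssl") or {}
        if not (ssl.get("private_crt") and ssl.get("private_key")):
            findings.append(f"{service}: no private_crt/private_key configured for RPC mTLS")
    return findings


# Assumed log line shape: "<ts> <service> rpc: <auth_ok|auth_failed> <method> from <ip>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<service>\w+)\s+rpc:\s+(?P<result>auth_ok|auth_failed)\s+"
    r"(?P<method>\w+)\s+from\s+(?P<ip>\S+)$"
)


def scan_rpc_log(lines, failure_threshold: int = 3) -> dict:
    """Flag non-loopback RPC callers and sources whose authentication failures
    reach `failure_threshold`. Unparseable lines are counted, not dropped silently."""
    failures = defaultdict(int)
    remote = set()
    unparsed = 0
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            unparsed += 1
            continue
        ip = m.group("ip")
        if not is_loopback(ip):
            remote.add(ip)
        if m.group("result") == "auth_failed":
            failures[ip] += 1
    return {
        "remote_sources": sorted(remote),
        "brute_force_sources": {ip: n for ip, n in failures.items() if n >= failure_threshold},
        "unparsed": unparsed,
    }


# Constructed sample input (not real node output) so the block runs stand-alone.
SAMPLE_CONFIG = {
    "self_hostname": "0.0.0.0",
    "full_node": {"rpc_port": 8555, "ssl": {"private_crt": "config/ssl/full_node/private_full_node.crt",
                                            "private_key": "config/ssl/full_node/private_full_node.key"}},
    "wallet": {"rpc_port": 9256, "ssl": {}},
}
SAMPLE_LOG = [
    "2026-02-25T10:00:01 full_node rpc: auth_ok get_blockchain_state from 127.0.0.1",
    "2026-02-25T10:00:05 full_node rpc: auth_failed get_blockchain_state from 203.0.113.7",
    "2026-02-25T10:00:06 full_node rpc: auth_failed get_blockchain_state from 203.0.113.7",
    "2026-02-25T10:00:07 full_node rpc: auth_failed get_blockchain_state from 203.0.113.7",
    "2026-02-25T10:00:09 wallet rpc: auth_ok send_transaction from 203.0.113.7",
    "garbage line that does not match",
]

if __name__ == "__main__":
    for finding in audit_rpc_exposure(SAMPLE_CONFIG):
        print("CONFIG:", finding)
    print("LOG:", scan_rpc_log(SAMPLE_LOG))
```

A node bound to 0.0.0.0 produces a finding for every service, and any service without both key-material entries is reported even when it is bound to loopback, because loopback binding alone does not stop a local process from calling the RPC. The log scan treats any non-loopback caller as noteworthy on its own, since under the hardening above the RPC should have no remote clients at all.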
CVE-2026-3192 is a medium-severity vulnerability in Chia Blockchain 2.1.0 that allows remote attackers to bypass RPC authentication, potentially gaining unauthorized access to the node.
If you are running Chia Blockchain version 2.1.0, you are potentially affected by this vulnerability. Upgrade to a patched version when available.
A direct patch is currently unavailable. Mitigate by hardening the host environment with firewalls, access control lists, and MFA.
A proof-of-concept exploit is publicly available, indicating a potential risk of active exploitation.
Refer to the Chia Blockchain official website and security advisories for updates and further information regarding CVE-2026-3192.