CVE-2026-3192
Chia Blockchain RPC Credential rpc_server_base.py _authenticate improper authentication
CVSS Score
5.6
EPSS Score
0.0%
EPSS Percentile
0th
A security vulnerability has been detected in Chia Blockchain 2.1.0. This issue affects the function _authenticate of the file rpc_server_base.py of the component RPC Credential Handler. The manipulation leads to improper authentication. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit has been disclosed publicly and may be used. The vendor was informed early via email. A separate report via bugbounty was rejected with the reason "This is by design. The user is responsible for host security".
| CWE | CWE-287 |
| Vendor | chia |
| Product | blockchain |
| Published | Feb 25, 2026 |
| Last Updated | Feb 25, 2026 |
Stay Ahead of the Next One
Get instant alerts for chia blockchain
Be the first to know when new medium vulnerabilities affecting chia blockchain are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
Chia / Blockchain
2.1.0