Medium severity 5.6 · NVD Advisory · Published Feb 25, 2026 · Updated Apr 29, 2026
CVE-2026-3192
Description
A security vulnerability has been detected in Chia Blockchain 2.1.0. The issue affects the function _authenticate in the file rpc_server_base.py of the component RPC Credential Handler. Manipulation leads to improper authentication. The attack can be carried out remotely. Attack complexity is considered high, and exploitability is assessed as difficult. The exploit has been disclosed publicly and may be used. The vendor was informed early via email. A separate report via bug bounty was rejected with the reason "This is by design. The user is responsible for host security".
Affected products
- cpe:2.3:a:chia:blockchain:2.1.0:*:*:*:*:*:*:*
Patches
No patches discovered yet.