Low severity3.1NVD Advisory· Published Feb 25, 2026· Updated Apr 29, 2026
CVE-2026-3193
CVE-2026-3193
Description
A vulnerability was detected in Chia Blockchain 2.1.0. Impacted is an unknown function of the file /send_transaction. The manipulation results in cross-site request forgery. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit is now public and may be used. The vendor was informed early via email. A separate report via bugbounty was rejected with the reason "This is by design. The user is responsible for host security".
Affected products
1- cpe:2.3:a:chia:blockchain:2.1.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
14- More than $10 million stolen from crypto platform THORChainThe Record · May 15, 2026
- Living Off the Pipeline: Defending Against CI/CD SubversionSentinelOne Labs · May 15, 2026
- Zombie linkages are keeping expired domains trusted for yearsHelp Net Security · May 15, 2026
- New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network PivotsThe Hacker News · May 12, 2026
- TrickMo Android banker adopts TON blockchain for covert commsBleepingComputer · May 11, 2026
- Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701MThe Hacker News · May 4, 2026
- Anti-DDoS Firm Heaped Attacks on Brazilian ISPsKrebs on Security · Apr 30, 2026
- EtherRAT Distribution Spoofing Administrative Tools via GitHub FacadesThe Hacker News · Apr 30, 2026
- New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATsThe Hacker News · Apr 29, 2026
- BlueNoroff Uses Fake Zoom Calls to Turn Victims Into Attack LuresDark Reading · Apr 28, 2026
- ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New StoriesThe Hacker News · Apr 23, 2026
- DPRK Fake Job Scams Self-Propagate in 'Contagious Interview'Dark Reading · Apr 22, 2026
- Oracle April 2026 Critical Patch Update Addresses 241 CVEsTenable Blog · Apr 21, 2026
- ‘CanisterWorm’ Springs Wiper Attack Targeting IranKrebs on Security · Mar 23, 2026