CVE-2026-3192
Published: 25 February 2026
Summary
CVE-2026-3192 is a medium-severity Improper Authentication (CWE-287) vulnerability in Chia Blockchain. Its CVSS base score is 5.6 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 48.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-17 (Remote Access) and IA-8 (Identification and Authentication (Non-organizational Users)).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires identification and authentication for non-organizational users or processes, directly mitigating the improper authentication bypass in the RPC Credential Handler accessible remotely by unauthenticated attackers.
Monitors and controls communications at external boundaries, preventing remote exploitation of the RPC authentication vulnerability by blocking unauthorized network access to the endpoint.
Authorizes and manages remote access mechanisms, reducing exposure of the vulnerable RPC server to high-complexity remote attacks.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is an authentication bypass in a network-accessible RPC server component, directly enabling exploitation of a public-facing application for unauthorized access.
NVD Description
A security vulnerability has been detected in Chia Blockchain 2.1.0. This issue affects the function _authenticate of the file rpc_server_base.py of the component RPC Credential Handler. The manipulation leads to improper authentication. The attack is possible to be carried out…
more
remotely. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit has been disclosed publicly and may be used. The vendor was informed early via email. A separate report via bugbounty was rejected with the reason "This is by design. The user is responsible for host security".
Deeper analysisAI
CVE-2026-3192 is an improper authentication vulnerability affecting Chia Blockchain version 2.1.0, specifically in the _authenticate function within the rpc_server_base.py file of the RPC Credential Handler component. This flaw, mapped to CWE-287 (Improper Authentication) and CWE-306 (Missing Authentication for Critical Function), allows manipulation leading to authentication bypass. It carries a CVSS v3.1 base score of 5.6 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating network accessibility but high attack complexity.
The vulnerability can be exploited remotely by unauthenticated attackers (PR:N) over the network, though it requires high complexity and is assessed as difficult to exploit. Successful exploitation enables limited impacts on confidentiality, integrity, and availability (C:L/I:L/A:L), potentially allowing unauthorized access to RPC functions. A proof-of-concept exploit has been publicly disclosed and may be usable.
Advisories from VulDB (ctiid.347748 and id.347748) document the issue, with a GitHub repository (Danimlzg/chia-rpc-auth-bypass.git) providing exploit code. The vendor was notified early via email and a bug bounty report, but rejected remediation, stating it is "by design" and that users are responsible for host security; no patches or mitigations are mentioned.
Details
- CWE(s)