CVE-2026-3194

4.5 MEDIUM

📋 TL;DR

This vulnerability allows local attackers to bypass authentication in the master passphrase handler of Chia Blockchain's RPC server, potentially accessing private keys or sending unauthorized transactions. It affects only Chia Blockchain 2.1.0 and requires local access to the system. The vendor considers this behavior 'by design' and places responsibility for host security on users.

💻 Affected Systems

Products:
  • Chia Blockchain
Versions: 2.1.0
Operating Systems: All platforms running Chia Blockchain
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where Chia Blockchain RPC server is running and accessible locally.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attacker gains unauthorized access to private keys and can steal cryptocurrency assets or manipulate blockchain transactions.

🟠 Likely Case

Local user with malicious intent could access wallet functions they shouldn't have permission to use.

🟢 If Mitigated

With proper host security controls, impact is minimal as it requires local access.

🌐 Internet-Facing: LOW - Attack requires local access, cannot be exploited remotely.
🏢 Internal Only: MEDIUM - Local attackers with access to the system could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploit requires local access and technical knowledge of Chia Blockchain RPC interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None

Vendor Advisory: None

Restart Required: No

Instructions:

No official patch is available. The vendor rejected the bug report, stating that this is 'by design' and that the user is responsible for host security.

🔧 Temporary Workarounds

Disable RPC Server (all platforms)

Turn off the RPC server if not required for your use case:

  • chia stop all
  • Disable chia services from auto-starting

Restrict Local Access (all platforms)

Implement strict access controls to prevent unauthorized local users from accessing the system:

  • Use firewall rules to restrict local network access to Chia RPC port
  • Implement user account controls

🧯 If You Can't Patch

  • Implement strict host security controls including user access restrictions and monitoring
  • Isolate Chia Blockchain nodes on dedicated systems with no other users or services

🔍 How to Verify

Check if Vulnerable:

Check if running Chia Blockchain version 2.1.0 with RPC server enabled

Check Version:

chia version

Verify Fix Applied:

Verify Chia Blockchain is not version 2.1.0 or RPC server is disabled

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized RPC calls to send_transaction or get_private_key functions
  • Failed authentication attempts followed by successful RPC operations

Network Indicators:

  • Local network connections to Chia RPC port (typically 8555) from unexpected sources

SIEM Query:

source="chia.log" AND ("send_transaction" OR "get_private_key") AND NOT "authenticated"
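
The version check and the network indicator above can be combined into one host-side triage helper. This is an added example, not code from the vendor or from this advisory; the function names and the sample `ss` output are constructed, and port 8555 is the "typical" value stated on this page.

```shell
#!/usr/bin/env bash
# Added example (not vendor code). Values below are taken from this page.
AFFECTED_VERSION="2.1.0"
RPC_PORT="8555"   # "typically 8555" per the page; adjust to your config

# Succeeds if the given `chia version` output is exactly the affected release.
is_affected_version() {
    [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "$AFFECTED_VERSION" ]
}

# Reads `ss -Htn` output on stdin and prints each non-loopback peer that has
# an established connection to the local RPC port (one address per line).
unexpected_rpc_peers() {
    awk -v port="$RPC_PORT" '
        $1 == "ESTAB" {
            n = split($4, l, ":")            # local port is the last field
            if (l[n] != port) next
            peer = $5
            sub(/:[0-9]+$/, "", peer)        # strip the peer port
            gsub(/^\[|\]$/, "", peer)        # strip IPv6 brackets
            if (peer ~ /^127\./ || peer == "::1" || peer ~ /^::ffff:127\./) next
            print peer
        }' | sort -u
}

# Constructed sample of `ss -Htn` output, for illustration only.
SAMPLE_SS='ESTAB 0 0 127.0.0.1:8555 127.0.0.1:51234
ESTAB 0 0 192.168.1.10:8555 192.168.1.77:40222
ESTAB 0 0 [::1]:8555 [::1]:51300
ESTAB 0 0 192.168.1.10:22 192.168.1.50:50000
LISTEN 0 128 0.0.0.0:8555 0.0.0.0:*'

# On a live host:
#   is_affected_version "$(chia version)" && echo "affected release"
#   ss -Htn | unexpected_rpc_peers
```

Loopback peers are filtered out here, so this covers only the "unexpected sources" network indicator; local use of the RPC interface still has to be caught through the log indicators and host access controls.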
