Cross-Site Request Forgery in Chia Blockchain Product
CVE-2026-3193

2.3LOW

Key Information:

Vendor

Chia

Status
Blockchain
Vendor
CVE Published:
25 February 2026

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2026-3193?

A vulnerability within the Chia Blockchain version 2.1.0 has been identified, characterized by an unknown function in the /send_transaction file that is susceptible to cross-site request forgery (CSRF). This flaw allows remote attackers to manipulate transactions by sending unauthorized requests to users who are authenticated. The complexity of the exploit is notably high, making it challenging to execute. Despite being reported to the vendor prior to disclosure, their response indicated that the issue is considered by design, thereby placing the onus on users to manage their host security. Given the public availability of the exploit, users are advised to remain vigilant and implement security measures to protect against potential attacks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Blockchain 2.1.0

References

https://vuldb.com/?id.347749
vdb-entry
https://vuldb.com/?ctiid.347749
signaturepermissions-required
https://github.com/Danimlzg/chia-rpc-auth-bypass.git
broken-linkexploit

CVSS V4

Score:
2.3
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.