CVE-2026-3194 | Chia Blockchain 2.1.0 RPC Server Master Passphrase send_transaction/get_private_key missing authentication

A vulnerability has been found in Chia Blockchain 2.1.0 and classified as critical. The affected element is the function send_transaction/get_private_key of the component RPC Server Master Passphrase Handler. This manipulation causes missing authentication.

The identification of this vulnerability is CVE-2026-3194. The attack can only be executed locally. Furthermore, there is an exploit available.

The vendor was informed early via email. A separate report via bugbounty was rejected with the reason “This is by design. The user is responsible for host security”.

CVE-2026-3194 | Chia Blockchain 2.1.0 RPC Server Master Passphrase send_transaction/get_private_key missing authentication

Post correlati

CVE-2025-1156 | Pix Software Vivaz 6.0.10 /servlet?act=login usuario sql injection

CVE-2024-35838 | Linux Kernel up to 6.1.75/6.6.14/6.7.2 mac80211 memory leak

CVE-2024-38268 | Zyxel VMG8825-T50K up to 5.50(ABOM.8)C0 MAC Address Parser memory corruption

CVE-2024-0336 | EMTA Grup PDKS up to 20240602 access control