CVE-2026-3193
CWE-352Published: February 25, 2026· Updated: Feb 27, 2026
Official Description
A vulnerability was detected in Chia Blockchain 2.1.0. Impacted is an unknown function of the file /send_transaction. The manipulation results in cross-site request forgery. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit is now public and may be used. The vendor was informed early via email. A separate report via bugbounty was rejected with the reason "This is by design. The user is responsible for host security".
Technical Analysis
CVE-2026-3193 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.
Exploitation does not require any privileges, though user interaction (Required) is needed, which slightly reduces the risk of mass automated attacks.
CVSS v3.1 Vector Breakdown
Exploit & PoC Resources
All References (3)
Quick Facts
Related CVEs (CWE-352)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2026-3193 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts