Just found a security vulnerability in #Bitcoin Knots.

If you only use the GUI, you're not affected.

Unless you use the extended rpcauth configuration for restricting wallet access, you are very unlikely to be affected.

Even if you do use it, you're still unlikely to be impacted.

If you test that your restrictions work, you are not impacted.

If in doubt, the workaround is to stop relying on such restrictions: temporarily delete any RPC users that can't be trusted with full access.

A fix will be included in the upcoming Knots v25.

Full disclosure will be after everyone has a reasonable opportunity to upgrade.

(No, this is not related to how I was hacked 7 months ago)
