4 matches found
CVE-2026-44211
Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...
CVE-2026-44211 Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability
Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...
CVE-2026-44211
CVE-2026-44211 describes a cross-origin WebSocket hijacking vulnerability in Cline Kanban Server. Three endpoints exposed without Origin validation (ws://127.0.0.1:3484/api/runtime/ws, /api/terminal/io, /api/terminal/control) allow a malicious site to connect from any origin. Potential impacts do...
@axelspringer/hubots (>=1.0.0 <=1.0.11), @flambo/bot (>=0.1.0 <=0.1.2) +186 more potentially affected by CVE-2026-44211 via cline (=0.8.2)
cline NPM version =0.8.2 is affected by a known vulnerability. The following packages have a transitive dependency on cline and may be impacted: - @axelspringer/hubots =1.0.0, =0.1.0, =0.0.2-alpha.0, =0.0.1, =0.1.0, =0.0.0, =0.0.16, =4.0.0-alpha.2, =0.3.0, =2.0.0 and more Source cves:...