2 matches found
CVE-2026-59723 Cline: Cross-Origin WebSocket Hijacking in Cline Hub Dashboard (`/browser` endpoint)
Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, the Cline Hub dashboard server launched by the cline dashboard command accepts WebSocket connections on the /browser endpoint without validating the Origin header, and when ROOMSECRET is unset for loc...
PT-2026-56625
Name of the Vulnerable Software and Affected Versions Cline versions prior to 3.0.30 Description The Cline Hub dashboard server, initiated via the cline dashboard command, fails to validate the Origin header for WebSocket connections on the /browser endpoint. When the ROOM SECRET is unset for loc...