38 matches found

RedhatCVE
added 2026/06/04 10:3 a.m. | 10 views

CVE-2026-44211

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...

9.6 CVSS | 5.8 AI score | 0.00154 EPSS
Exploits 1 | References 1

NVD
added 2026/06/01 5:17 p.m. | 10 views

CVE-2026-44211

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...

9.6 CVSS | 0.00154 EPSS
Exploits 1 | References 1

Cvelist
added 2026/06/01 4:1 p.m. | 28 views

CVE-2026-44211 Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...

9.6 CVSS | 0.00154 EPSS
Exploits 1 | References 1

Vulnrichment
added 2026/06/01 4:1 p.m. | 10 views

CVE-2026-44211 Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...

9.6 CVSS | 5.8 AI score | 0.00154 EPSS
Exploits 1 | References 1

EUVD
added 2026/06/01 4:1 p.m. | 9 views

EUVD-2026-33662

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...

9.6 CVSS | 5.8 AI score | 0.00154 EPSS
Exploits 1 | References 1

CVE
added 2026/06/01 4:1 p.m. | 18 views

CVE-2026-44211

CVE-2026-44211 describes a cross-origin WebSocket hijacking vulnerability in Cline Kanban Server. Three endpoints exposed without Origin validation (ws://127.0.0.1:3484/api/runtime/ws, /api/terminal/io, /api/terminal/control) allow a malicious site to connect from any origin. Potential impacts do...

9.6 CVSS | 5.8 AI score | 0.00154 EPSS
Exploits 1 | References 1 | Affected Software 1

CNNVD
added 2026/06/01 12:0 a.m. | 5 views

Cline Security Vulnerability

Cline is an AI programming assistant that serves as an integrated CLI and editor for necboy’s personal developers. Cline versions 2.13.0 and earlier contained security vulnerabilities, which were caused by cross-origin WebSocket hijacking. These vulnerabilities could allow attackers to hijack...

9.6 CVSS | 5.3 AI score | 0.00154 EPSS
Exploits 1 | References 2

EUVD
added 2026/05/25 3:0 p.m. | 11 views

EUVD-2026-31699

A security flaw has been discovered in dazeb cline-mcp-memory-bank up to 55c81b9cf6c16700983c84dc4cdea3cafa19a75f. The affected element is the function handleInitializeMemoryBank of the file src/index.ts. The manipulation of the argument projectPath results in path traversal. The attack may be...

6.5 CVSS | 6.2 AI score | 0.00337 EPSS
Exploits 0 | References 5

Vulnrichment
added 2026/05/25 3:0 p.m. | 5 views

CVE-2026-9468 dazeb cline-mcp-memory-bank index.ts handleInitializeMemoryBank path traversal

A security flaw has been discovered in dazeb cline-mcp-memory-bank up to 55c81b9cf6c16700983c84dc4cdea3cafa19a75f. The affected element is the function handleInitializeMemoryBank of the file src/index.ts. The manipulation of the argument projectPath results in path traversal. The attack may be...

6.5 CVSS | 6.2 AI score | 0.00337 EPSS
Exploits 0 | References 5

Positive Technologies
added 2026/05/25 12:0 a.m. | 10 views

PT-2026-43082

A security flaw has been discovered in dazeb cline-mcp-memory-bank up to 55c81b9cf6c16700983c84dc4cdea3cafa19a75f. The affected element is the function handleInitializeMemoryBank of the file src/index.ts. The manipulation of the argument projectPath results in path traversal. The attack may be...

6.5 CVSS | 6.2 AI score | 0.00337 EPSS
Exploits 0 | References 5

CNNVD
added 2026/05/25 12:0 a.m. | 6 views

Cline Memory Bank Path Traversal Vulnerability

Cline Memory Bank is a model context protocol server for persistent project context management for AI development by Darren Bennett Personal Developer. A path traversal vulnerability exists in Cline Memory Bank, which stems from the operation of the parameter projectPath of the function...

6.5 CVSS | 6.6 AI score | 0.00337 EPSS
Exploits 0 | References 5

vulnersOsv
added 2026/05/08 8:43 p.m. | 6 views

@axelspringer/hubots (>=1.0.0 <=1.0.11), @flambo/bot (>=0.1.0 <=0.1.2) +186 more potentially affected by CVE-2026-44211 via cline (=0.8.2)

cline NPM version =0.8.2 is affected by a known vulnerability. The following packages have a transitive dependency on cline and may be impacted: - @axelspringer/hubots =1.0.0, =0.1.0, =0.0.2-alpha.0, =0.0.1, =0.1.0, =0.0.0, =0.0.16, =4.0.0-alpha.2, =0.3.0, =2.0.0 and more Source cves:...

9.6 CVSS | 5.8 AI score | 0.00154 EPSS
Exploits 1

Patchstack
added 2026/05/08 8:43 p.m. | 5 views

NPM: Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability

NPM: Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability discovered by ? in WordPress Npm cline versions = 2.13.0...

5.8 AI score | 0.00154 EPSS
Exploits 1 | References 2 | Affected Software 1

NVD
added 2026/03/31 3:16 p.m. | 3 views

CVE-2026-30312

DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and...

9.8 CVSS | 0.01659 EPSS
Exploits 0 | References 2

Cvelist
added 2026/03/31 12:0 a.m. | 21 views

CVE-2026-30312

DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and...

0.01659 EPSS
Exploits 0 | References 2

CNNVD
added 2026/03/31 12:0 a.m. | 4 views

Cline Security Vulnerability

Cline is an AI programming assistant that serves as an integrated CLI and editor for necboy developers. Cline has a security vulnerability, which stems from OS command injection, potentially leading to remote code execution...

9.8 CVSS | 6.1 AI score | 0.01659 EPSS
Exploits 0 | References 2

Vulnrichment
added 2026/03/31 12:0 a.m. | 3 views

CVE-2026-30312

DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and...

6.1 AI score | 0.01659 EPSS
Exploits 0 | References 2

CVE
added 2026/03/31 12:0 a.m. | 7 views

CVE-2026-30312

CVE-2026-30312 affects DSAI-Cline’s command auto-approval module. An OS command injection exists due to newline characters embedded in whitelisted input, bypassing the string-based validation and causing the PowerShell interpreter to treat the newline as a separator, which can lead to Remote Code E...

9.8 CVSS | 6.1 AI score | 0.01659 EPSS
Exploits 0 | References 2

NVD
added 2026/03/30 9:17 p.m. | 2 views

CVE-2026-30313

DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and...

9.8 CVSS | 0.01145 EPSS
Exploits 0 | References 2

ATTACKERKB
added 2026/03/30 12:0 a.m. | 0 views

CVE-2026-30313

DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and...

6.1 AI score | 0.01145 EPSS
Exploits 0 | References 3