CVE-2026-42994

CVE-2026-42994 concerns Bitwarden CLI 2026.4.0 (released around 2026-04-22) when obtained from npm, which reportedly contained embedded malicious code as part of a Checkmarx supply chain incident. Public documents identify the affected software and the malicious supply chain context, but do not p...