Critical Cline AI Agent RCE Vulnerability Patched

Jennifer sherman
May 12, 2026 3 Min Read

Key Takeaways

  • A critical cross-origin WebSocket hijacking vulnerability (CVE-2026-44211) has been discovered in the Cline Kanban server.
  • The flaw allows remote attackers to exfiltrate sensitive workspace data and achieve remote code execution (RCE) on affected systems.
  • The vulnerability impacts developers using the open-source Cline AI coding assistant across macOS, Linux, and Windows environments.
  • Currently, no official patches are available, leaving users of older Cline CLI versions exposed.

A severe security vulnerability has been identified within the Cline Kanban server, presenting a significant risk of data exfiltration and silent remote code execution for affected users. This critical flaw impacts the widely adopted open-source AI coding assistant, according to recent disclosures.

Security researcher TheRealSpencer brought attention to the details of this cross-origin WebSocket hijacking vulnerability. The issue, officially designated as CVE-2026-44211, carries a high CVSS severity score of 9.7, underscoring its potential for widespread impact.

Analysis by researchers at Oasis Security indicates that the root cause of the problem lies in the local server exposed by the package, which fails to implement proper origin validation. This oversight leaves developers using the software vulnerable to attack simply by visiting a malicious webpage while the Cline server operates in the background.

Understanding the Cline AI Agent Vulnerability

The core of the vulnerability resides within the kanban npm package, a component integral to the Cline command-line interface. When the Cline application is launched, it starts a local WebSocket server on port 3484. Crucially, this server operates without any authentication mechanism and does not verify the Origin header of incoming requests.

This architectural deficiency means that any external website a developer browses can establish a connection to their local Cline server without requiring any explicit user interaction. Security analysts have confirmed that standard web browsers do not impose restrictions on cross-origin WebSocket connections to localhost, thereby allowing malicious JavaScript to interact freely with the exposed endpoints.

Upon establishing a connection to the runtime stream, attackers gain immediate access to sensitive information. This includes, but is not limited to, filesystem paths, details of git branches, task titles, and live chat messages from the AI agent.

Beyond mere information disclosure, the vulnerability extends to enabling remote attackers to take control of active AI agent terminals. By connecting to the terminal’s input-output WebSocket, threat actors can inject arbitrary commands directly into the agent’s operational workspace. The system processes these injected commands as if they were legitimate user input, facilitating full remote code execution when followed by a carriage return.

Security experts have successfully demonstrated that this mechanism can be exploited to execute malicious shell commands on the victim’s operating system without any direct user interaction. Furthermore, the control server endpoint can be manipulated to terminate active sessions, leading to a denial-of-service condition.

The exploit’s efficacy spans all platforms where Node.js and Cline are deployed, encompassing macOS, Linux, and Windows environments. At present, no official patched versions are available to address this critical vulnerability, leaving developers who utilize older Cline CLI versions exposed to potential compromise.

Effective mitigation requires fundamental structural modifications to the application's local web server implementation. Following the public disclosure by TheRealSpencer on GitHub, cybersecurity professionals have recommended that developers implement Origin header validation to prevent unauthorized WebSocket upgrades. Additionally, generating and mandating a randomized session token at server startup could effectively block external origins from guessing the necessary connection parameters.
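The two recommended controls, sketched for a Node.js loopback server as an added example; this is not Cline's code or its fix. Port 3484 comes from the article, while the origin allow-list, the `?token=` query parameter and the function names are assumptions made for illustration.

```javascript
// Added example, not Cline's code. Port 3484 is from the article; the
// allow-list, token transport (?token=) and function names are assumptions.
const crypto = require('node:crypto');

const PORT = 3484;
// Origins of the server's own UI (assumed to be served from this port).
const ALLOWED_ORIGINS = new Set([
  `http://127.0.0.1:${PORT}`,
  `http://localhost:${PORT}`,
]);
// New random token on every start; only the local UI/CLI is told its value.
const SESSION_TOKEN = crypto.randomBytes(32).toString('hex');

// Constant-time comparison; hashing first equalises the buffer lengths.
function tokenMatches(presented, expected) {
  const h = (s) => crypto.createHash('sha256').update(String(s)).digest();
  return crypto.timingSafeEqual(h(presented), h(expected));
}

// Decide whether an upgrade request ({headers, url}) may become a WebSocket.
function checkUpgrade(req, token = SESSION_TOKEN, allowed = ALLOWED_ORIGINS) {
  const origin = req.headers.origin;
  // Browsers attach Origin to every WebSocket handshake and page script
  // cannot override it, so a foreign page is identified here.
  if (origin !== undefined && !allowed.has(origin)) {
    return { ok: false, status: 403, reason: 'Forbidden' };
  }
  // Non-browser clients send no Origin, so the token is required regardless.
  const query = (req.url || '').split('?')[1] || '';
  const presented = new URLSearchParams(query).get('token') || '';
  if (!tokenMatches(presented, token)) {
    return { ok: false, status: 401, reason: 'Unauthorized' };
  }
  return { ok: true, status: 101, reason: 'Switching Protocols' };
}

// Attach the gate to an http.Server so rejected requests never reach the
// WebSocket layer; onAccept(req, socket, head) performs the real upgrade.
function guardUpgrades(server, onAccept) {
  server.on('upgrade', (req, socket, head) => {
    const verdict = checkUpgrade(req);
    if (!verdict.ok) {
      socket.end(`HTTP/1.1 ${verdict.status} ${verdict.reason}\r\nConnection: close\r\n\r\n`);
      return;
    }
    onAccept(req, socket, head);
  });
  return server;
}
```

The check sits in the server's own upgrade handler because the hostile connection is opened by the victim's browser over loopback, so it has to be rejected at the handshake itself.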

What You Should Do

  • Avoid running the Cline Kanban application when navigating untrusted or potentially malicious websites.
  • Monitor official Cline channels for updates and apply patches immediately once they become available.
  • Until official patches are released, consider implementing network-level restrictions or firewall rules to limit external access to port 3484 on your local machine.
  • Exercise extreme caution with any prompts or commands processed by your AI agent, as they could be manipulated by an attacker.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.
