Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability
Cline Kanban Server versions 2.13.0 and earlier allow attackers from other websites to hijack WebSocket connections, potentially taking control of the server or stealing sensitive data. This happens because the server doesn't properly verify that connection requests come from trusted sources.
A cross-origin WebSocket hijacking vulnerability exists in Cline Kanban Server ≤2.13.0: insufficient origin validation lets attackers establish WebSocket connections from malicious domains (CWE-1385: Inadequate Encoding of Output; CWE-306: Missing Authentication for Critical Function). An attacker can craft a malicious webpage that, when visited by a user with an active Cline session, establishes an authenticated WebSocket channel to the target server, potentially achieving command execution or data exfiltration.
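The defect described above is a missing Origin check on the WebSocket upgrade. The following is an added example (not Cline Kanban Server code) contrasting an upgrade handler that accepts any Origin with one that enforces an exact allow-list match; the allow-list, the `verifyClient*` names and the request objects are assumptions constructed for illustration.

```javascript
// Added example: Origin allow-list check for a WebSocket upgrade handler.
// Not Cline Kanban Server code; allow-list and request shapes are assumptions.

// Origins a browser page may connect from (constructed for this example).
const ALLOWED_ORIGINS = ['http://localhost:3000', 'https://kanban.example.test'];

// Normalise an Origin value to scheme://host[:port] so comparison is exact,
// never a prefix or substring match ("https://kanban.example.test.evil.test"
// must not pass). Returns null for anything that is not a bare origin.
function normalizeOrigin(value) {
  try {
    const u = new URL(value);
    if (u.pathname !== '/' || u.search || u.hash) return null;
    return u.origin; // lower-cases the host and drops default ports
  } catch {
    return null; // unparsable, including the literal string "null"
  }
}

// True only when the Origin header exactly matches an allow-list entry.
// A missing or "null" Origin is rejected: browsers always send Origin on a
// WebSocket upgrade, so its absence means a non-browser client, which must
// authenticate rather than be trusted by default (the CWE-306 side of this).
function isOriginAllowed(originHeader, allowList = ALLOWED_ORIGINS) {
  if (typeof originHeader !== 'string') return false;
  const origin = normalizeOrigin(originHeader);
  if (origin === null) return false;
  const allowed = new Set(allowList.map(normalizeOrigin).filter(Boolean));
  return allowed.has(origin);
}

// Vulnerable shape: the upgrade is accepted whatever Origin the browser sends.
function verifyClientVulnerable(req) {
  return true;
}

// Hardened shape: reject the upgrade before the socket is established.
function verifyClientHardened(req) {
  return isOriginAllowed(req.headers && req.headers.origin);
}

// Constructed sample upgrade requests for a quick self-check.
const sameOrigin = { headers: { origin: 'http://localhost:3000' } };
const crossOrigin = { headers: { origin: 'https://attacker.example.test' } };
const lookalike = { headers: { origin: 'https://kanban.example.test.evil.test' } };

if (typeof require !== 'undefined' && require.main === module) {
  console.log(verifyClientVulnerable(crossOrigin)); // true: hijackable
  console.log(verifyClientHardened(crossOrigin));   // false
  console.log(verifyClientHardened(sameOrigin));    // true
}
```

Because the Origin header is set by the browser and cannot be altered by page script, this check blocks browser-driven cross-origin hijacking; it does not replace per-connection authentication, since non-browser clients can send any Origin they like.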