9.6
CVE-2026-44211: Cline Kanban Server Exposes Sensitive Data to Malicious Websites
GHSA-5c57-rqjx-35g2
CVE-2026-44211
Summary
The Cline Kanban Server running on your local machine may allow unauthorized websites to access sensitive data and take control of running tasks. This can happen if you visit a malicious website while the server is running. Until a fix is available, close the Cline Kanban Server when you're not using it and only run it on trusted networks.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| npm | GitHub Actions | cline | <= 2.13.0 |
Original title
Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time...
Original description
Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches.
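The handshake checks whose absence the listed weakness types (CWE-306, CWE-1385) describe, shown as an added example that is not Cline's code and not part of the advisory. The port, the allowlists, the `?token=` parameter and the function names are assumptions made for illustration.

```javascript
// Added example (not Cline's code): handshake checks for a loopback WebSocket server.
// The port, allowlists and ?token= parameter are constructed for illustration.
const ALLOWED_HOSTS = new Set(['127.0.0.1:3484', 'localhost:3484']);
const ALLOWED_ORIGINS = new Set(['http://127.0.0.1:3484', 'http://localhost:3484']);

// Constant-time string compare; in Node, crypto.timingSafeEqual is the usual choice.
function constantTimeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// req is shaped like the request Node's http 'upgrade' event passes in:
// { url, headers } with lower-cased header names.
// Returns { ok: true } or { ok: false, status, reason }.
function checkUpgrade(req, sessionToken) {
  const { host, origin } = req.headers;

  // Host allowlist: a DNS-rebinding page reaches the socket under its own hostname.
  if (typeof host !== 'string' || !ALLOWED_HOSTS.has(host.toLowerCase())) {
    return { ok: false, status: 403, reason: 'host' };
  }
  // Origin allowlist (CWE-1385): browsers attach Origin to every WebSocket
  // handshake and page script cannot override it. The literal "null" is refused too.
  if (origin !== undefined && !ALLOWED_ORIGINS.has(origin)) {
    return { ok: false, status: 403, reason: 'origin' };
  }
  // Authentication (CWE-306): non-browser clients send no Origin, so every
  // connection must also present the per-launch secret.
  const token = new URL(req.url, 'http://placeholder.invalid').searchParams.get('token');
  if (!constantTimeEqual(token, sessionToken)) {
    return { ok: false, status: 401, reason: 'token' };
  }
  return { ok: true };
}

// Constructed handshakes: the board's own page, then a foreign page in the same browser.
const SAMPLE_TOKEN = 'constructed-token-not-a-real-secret';
for (const origin of ['http://127.0.0.1:3484', 'https://untrusted.example']) {
  const req = { url: '/ws?token=' + SAMPLE_TOKEN, headers: { host: '127.0.0.1:3484', origin } };
  console.log(origin, JSON.stringify(checkUpgrade(req, SAMPLE_TOKEN)));
}
```

A server would call `checkUpgrade` before completing the upgrade and close the socket with the returned status on failure.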
ghsa CVSS3.1
9.6
Vulnerability type
CWE-306
Missing Authentication for Critical Function
CWE-1385
Missing Origin Validation in WebSockets
Published: 1 Jun 2026 · Updated: 1 Jun 2026 · First seen: 8 May 2026