CVE-2026-44211
Analyzed Analyzed - Analysis Complete
Cross-Origin WebSocket Hijack in Cline Kanban Server

Publication date: 2026-06-01

Last updated on: 2026-06-03

Assigner: GitHub, Inc.

Description
Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-03
Generated
2026-06-21
AI Q&A
2026-06-01
EPSS Evaluated
2026-06-20
NVD
CVE-2026-44211
EUVD
EUVD-2026-33662
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cline cline to 2.13.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1385 The product uses a WebSocket, but it does not properly verify that the source of data or communication is valid.
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-44211 is a critical vulnerability in the kanban npm package used by the Cline CLI, which allows a cross-origin WebSocket hijack attack. The kanban server exposes three WebSocket endpoints on 127.0.0.1:3484 without proper Origin header validation or authentication. This flaw enables any website a developer visits to silently connect and interact with the server.

  • Attackers can leak sensitive real-time data such as workspace filesystem paths, task titles and descriptions, git branch information, and AI agent chat messages.
  • Attackers can hijack running AI agent terminals by injecting arbitrary prompts, potentially leading to remote code execution (RCE).
  • Attackers can terminate active agent tasks, causing denial of service (DoS).

The root cause is missing Origin header validation during WebSocket upgrades and lack of authentication on all three exposed endpoints, allowing attackers to connect and send commands without verification.

Impact Analysis

This vulnerability can have severe impacts including:

  • Leakage of sensitive and confidential data such as filesystem paths, task details, git branch information, and AI agent communications.
  • Remote code execution by attackers injecting commands into AI agent terminals, potentially compromising the entire system.
  • Denial of service by terminating active AI agent tasks, disrupting workflows and productivity.

Because the attack can be performed remotely over the network without privileges and with low complexity, it poses a critical risk to affected environments running Cline or the kanban package on macOS, Linux, and Windows.

Detection Guidance

This vulnerability can be detected by checking for the presence of the kanban server WebSocket endpoints running on localhost (127.0.0.1) at port 3484, which do not validate the Origin header or require authentication.

You can use network scanning or local port checking commands to identify if the vulnerable service is running.

  • On Linux or macOS, use: netstat -an | grep 3484
  • Or: lsof -i :3484
  • On Windows, use: netstat -an | findstr 3484

Additionally, you can attempt to connect to the WebSocket endpoints on 127.0.0.1:3484 using WebSocket client tools or scripts to see if the server responds without Origin header validation or authentication.

Mitigation Strategies

Immediate mitigation steps include restricting access to the localhost WebSocket port 3484 to trusted processes only and avoiding visiting untrusted websites while the vulnerable kanban server is running.

Since no patches are available at the time of disclosure, recommended actions are:

  • Stop or disable the kanban server or the Cline CLI if it is not essential.
  • Use firewall rules or local network policies to block external or untrusted local processes from connecting to 127.0.0.1:3484.
  • Avoid browsing untrusted websites while the vulnerable service is running to prevent cross-origin WebSocket hijacking.

Long term, apply patches or updates once they become available that implement Origin header validation and authentication on the WebSocket endpoints.

Compliance Impact

The vulnerability allows attackers to leak sensitive real-time data such as workspace filesystem paths, task titles and descriptions, git branch information, and AI agent chat messages. This exposure of sensitive information could lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive data against unauthorized access.

Additionally, the ability to hijack AI agent terminals and execute arbitrary commands could compromise system integrity and availability, further impacting compliance with standards that mandate secure and reliable system operations.

Since the vulnerability involves unauthorized data access and potential remote code execution without proper authentication or validation, affected organizations may face increased risk of data breaches and service disruptions, which are critical concerns under regulations such as GDPR and HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44211. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart