Cline hit by cyberattack
Incident
Summary
Hide ▲
Show ▼
A Cline CLI supply-chain incident on February 17, 2026 used a compromised npm publish token to publish [email protected] with a postinstall step that silently installed OpenClaw on developer machines. The poisoned package was live for about eight hours, was downloaded roughly 4,000 times, and did not affect the VS Code extension or JetBrains plugin. Cline responded by releasing 2.4.0, deprecating 2.3.0, revoking the token, and moving npm publishing to OIDC via GitHub Actions.
Related Happenings
OpenClaw message-object prompt injection patched in 2026.4.23 security flaw
Vulnerability
H score15
First: 11.06.2026 20:46
Last: 11.06.2026 20:46
Sources 1
About this happening:
**OpenClaw** has a patched **message-object prompt injection flaw** that let hidden instructions inside **shared contacts, vCards, and location pins** reach the LLM as trusted pro...
OpenClaw message-object prompt injection patched in 2026.4.23 security flaw
VulnerabilityAbout this happening: **OpenClaw** has a patched **message-object prompt injection flaw** that let hidden instructions inside **shared contacts, vCards, and location pins** reach the LLM as trusted pro...
Cline Kanban server WebSocket origin/authentication security flaw
Vulnerability
H score33
First: 07.05.2026 17:30
Last: 07.05.2026 17:30
Sources 1
About this happening:
**Cline Kanban server** has a **critical WebSocket origin/authentication flaw** that can let a webpage a developer visits **exfiltrate workspace data**, **inject terminal commands...
Cline Kanban server WebSocket origin/authentication security flaw
VulnerabilityAbout this happening: **Cline Kanban server** has a **critical WebSocket origin/authentication flaw** that can let a webpage a developer visits **exfiltrate workspace data**, **inject terminal commands...
GitHub git push RCE (CVE-2026-3854)
Vulnerability
H score27
First: 29.04.2026 15:41
Last: 29.04.2026 15:41
Sources 1
About this happening:
GitHub patched **CVE-2026-3854**, a critical **remote code execution** flaw affecting **GitHub.com** and **GitHub Enterprise Server** that could expose **millions of private repos...
GitHub git push RCE (CVE-2026-3854)
VulnerabilityAbout this happening: GitHub patched **CVE-2026-3854**, a critical **remote code execution** flaw affecting **GitHub.com** and **GitHub Enterprise Server** that could expose **millions of private repos...
Open VSX pre-publish scanning fail-open now patched security flaw
Vulnerability
H score5
First: 27.03.2026 15:57
Last: 27.03.2026 15:57
Sources 1
About this happening:
A **now-patched fail-open bug** in **Open VSX's pre-publish scanning pipeline** could let **malicious VS Code extensions** bypass vetting and go live in the registry, weakening a...
Open VSX pre-publish scanning fail-open now patched security flaw
VulnerabilityAbout this happening: A **now-patched fail-open bug** in **Open VSX's pre-publish scanning pipeline** could let **malicious VS Code extensions** bypass vetting and go live in the registry, weakening a...
Npm package ecosystem CanisterWorm exploitation wave
Exploitation Wave
H score28
First: 23.03.2026 10:31
Last: 23.03.2026 10:31
Sources 1
About this happening:
Attackers expanded the **Trivy** compromise into a **self-propagating CanisterWorm** wave that hit **dozens of npm packages**, creating broad downstream supply-chain risk. The abu...
Npm package ecosystem CanisterWorm exploitation wave
Exploitation WaveAbout this happening: Attackers expanded the **Trivy** compromise into a **self-propagating CanisterWorm** wave that hit **dozens of npm packages**, creating broad downstream supply-chain risk. The abu...
Timeline
-
20.02.2026 00:33 3 articles · 4mo ago
Cline 2.3.0 npm package silently installs OpenClaw
Initial DisclosureUsers who downloaded Cline version 2.3.0 received a poisoned npm package that used a post-install hook to silently install OpenClaw on their systems, affecting about 4,000 downloads over roughly eight hours before deprecation; Cline revoked the compromised token, removed the tainted package, and released version 2.4.0 with OIDC provenance via GitHub Actions.
Show sources
- Supply Chain Attack Secretly Installs OpenClaw for Cline Users — www.darkreading.com — 20.02.2026 00:33
- Supply Chain Attack Secretly Installs OpenClaw for Cline Users — www.darkreading.com — 20.02.2026 00:33
- Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems — thehackernews.com — 20.02.2026 16:20