
Cline Kanban server WebSocket origin/authentication security flaw

Vulnerability
First reported
Last updated
Happening score
H score 24
1 unique source, 1 article

Summary


Cline Kanban server has a critical WebSocket origin/authentication flaw that can let a webpage a developer visits exfiltrate workspace data, inject terminal commands, or kill active sessions. The issue affects Kanban npm package version 0.1.59 and carries CVSS 9.7, making it a high-risk local-server exposure. Updating to Cline v0.1.66 closes the specific exposure.

Related Happenings

Linux kernel Copy Fail local privilege escalation (CVE-2026-31431)

Vulnerability
First: 30.04.2026 12:24 Last: 30.04.2026 12:24 Sources 1

About this happening: Researchers disclosed **CVE-2026-31431**, a **Linux kernel** local privilege-escalation flaw called **Copy Fail** that can let an **unprivileged local user** gain **root**. The bu...

Latest development: 08.05.2026 08:12

Dirty Frag was described as an unpatched Linux kernel LPE that can give an unprivileged local user root on most Linux distributions by chaining xfrm-ESP Page-Cache Write and RxRPC Page-Cache Write, while the related Copy Fail issue was reported to Linux kernel maintainers on April 30, 2026 and has come under active exploitation in the wild. CloudLinx said the flaw sits in the ESP-in-UDP MSG_SPLICE_PAGES no-COW fast path reachable via the XFRM user netlink interface, and the researcher said Dirty Frag can be triggered regardless of whether the algif_aead module is available; a working PoC was also released.

OpenClaw ClawJacked localhost WebSocket brute-force security flaw

Vulnerability
First: 01.03.2026 23:44 Last: 01.03.2026 23:44 Sources 1

About this happening: **OpenClaw**’s **ClawJacked** vulnerability allowed a **malicious website** to brute-force a **localhost WebSocket** connection and take control of a local instance, putting **ses...

Cline hit by cyberattack

Incident
First: 20.02.2026 00:33 Last: 20.02.2026 00:33 Sources 1

About this happening: A **Cline CLI** **supply-chain incident** on **February 17, 2026** used a **compromised npm publish token** to publish **[email protected]** with a **postinstall** step that silently in...

OpenAI ShadowLeak mitigation for ChatGPT

Advisory/Mitigation
First: 19.09.2025 22:07 Last: 19.09.2025 22:07 Sources 1

About this happening: **OpenAI** acknowledged and fixed **ShadowLeak**, ending a stealthy **ChatGPT** email-exfiltration path in the studied **Gmail** integration. The mitigation mattered because the f...

Timeline

  1. 07.05.2026 17:30 · 2 articles

    Cline Kanban server critical WebSocket flaw disclosed

    Initial Disclosure

    Researchers at Oasis Security disclosed a critical vulnerability in the Cline Kanban server on May 7, 2026. The flaw affects Kanban npm package version 0.1.59 and stems from missing origin validation and authentication on three WebSocket endpoints exposed by the local server on port 3484. A webpage visited by a developer while Cline is running can silently exfiltrate workspace data, inject commands into the AI agent terminal, or end active sessions; updating Cline to version 0.1.66 closes the exposure.
