Description
Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches.
Published: 2026-06-01
Score: 9.6 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw allows attackers who can reach the Cline Kanban server's WebSocket endpoint to hijack connections by sending crafted frames. Because the server does not validate the Origin header of the WebSocket handshake, malicious actors can impersonate legitimate clients and potentially read or alter Kanban data; this is the cross-origin WebSocket hijacking weakness. The associated CWE-1385 points to the missing origin check, while CWE-306 highlights the potential authentication bypass. No evidence is provided of remote code execution or direct data exfiltration from this flaw.

Affected Systems

All Cline products that include the Kanban server component – the SDK, IDE extension, and CLI assistant – running version 2.13.0 or earlier are affected.

Risk and Exploitability

The CVSS score of 9.6 signals a critical risk. Because the EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, the likelihood of exploitation is unclear, but the absence of origin validation means any client that can reach the WebSocket endpoint can exploit the flaw without authentication. This makes it potentially useful for targeted attacks against users of the affected Cline versions.

Generated by OpenCVE AI on June 1, 2026 at 19:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Block or limit traffic to the Cline Kanban WebSocket endpoint to known, trusted origins or networks using firewalls or access controls.
  • Implement network segmentation so that only authorized agents and services can reach the Kanban server.
  • Regularly check the vendor’s website for an updated version (greater than 2.13.0) or patch and upgrade immediately when available.
  • If a patch is not available, consider disabling or removing the Kanban server feature until remediation is applied.
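The missing check described under Impact, and the trusted-origin restriction the first recommended action calls for, can be illustrated with an Origin allowlist applied to the HTTP upgrade request before any WebSocket library takes over the socket. This is an added example, not Cline's code; the allowlisted origins and the request shape are constructed for illustration, and an Origin check complements rather than replaces client authentication (CWE-306).

```javascript
// Origins a browser-hosted client may connect from (constructed example values).
const ALLOWED_ORIGINS = new Set(['http://localhost:3000', 'http://127.0.0.1:3000']);

// Decide whether an upgrade request's Origin header is acceptable.
// Browsers always send Origin on a WebSocket handshake, so a cross-site page cannot
// omit it; a missing header means a non-browser client and is accepted here (such
// clients can forge any header anyway, which is why authentication is still needed).
// The literal "null" (opaque origins) and anything outside the allowlist are refused.
// Comparison is on the normalised scheme://host[:port] origin, so a different scheme,
// a userinfo trick such as http://localhost:3000@evil.example, or a host-suffix trick
// such as http://localhost:3000.evil.example does not match.
function isAllowedOrigin(originHeader, allowed = ALLOWED_ORIGINS) {
  if (originHeader === undefined) return true;
  if (typeof originHeader !== 'string' || originHeader === '' || originHeader === 'null') {
    return false;
  }
  let parsed;
  try {
    parsed = new URL(originHeader); // throws on malformed values such as a non-numeric port
  } catch {
    return false;
  }
  // A real Origin header carries no path, query or fragment; reject anything that does.
  if (parsed.pathname !== '/' || parsed.search !== '' || parsed.hash !== '') return false;
  return allowed.has(parsed.origin);
}

// Gate for an http.Server 'upgrade' event: refuse the handshake with 403 and close the
// socket when the origin is not allowed. Returns true when the upgrade may proceed so
// the caller can hand the socket to its WebSocket server.
function gateUpgrade(req, socket) {
  if (!isAllowedOrigin(req.headers.origin)) {
    socket.write('HTTP/1.1 403 Forbidden\r\nConnection: close\r\n\r\n');
    socket.destroy();
    return false;
  }
  return true;
}

// Wire the gate in front of whatever completes the WebSocket handshake, e.g.
// attachOriginGate(server, (req, socket, head) => wss.handleUpgrade(req, socket, head, cb)).
function attachOriginGate(server, onAccepted) {
  server.on('upgrade', (req, socket, head) => {
    if (gateUpgrade(req, socket)) onAccepted(req, socket, head);
  });
}
```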



Advisories

Source        ID                    Title
GitHub GHSA   GHSA-5c57-rqjx-35g2   Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability

History

Mon, 01 Jun 2026 19:00:00 +0000

Type                  Values Removed   Values Added
First Time appeared   (none)           Cline
                                       Cline cline
Vendors & Products    (none)           Cline
                                       Cline cline

Mon, 01 Jun 2026 18:30:00 +0000

Type      Values Removed   Values Added
Metrics   (none)           ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 01 Jun 2026 17:00:00 +0000

Type          Values Removed   Values Added
Description   (none)           Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches.
Title         (none)           Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability
Weaknesses    (none)           CWE-1385
                               CWE-306
References    (none)           (none)
Metrics       (none)           cvssV3_1: {'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-01T17:45:22.683Z

Reserved: 2026-05-05T15:13:47.571Z

Link: CVE-2026-44211

Vulnrichment

Updated: 2026-06-01T17:44:58.723Z

NVD

Status: Undergoing Analysis

Published: 2026-06-01T17:17:07.617

Modified: 2026-06-01T19:16:48.127

Link: CVE-2026-44211

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T18:45:34Z

Weaknesses