CRITICAL | CVE-2026-44211 | CNA: GitHub_M

CVE-2026-44211: Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability

Cline is an autonomous coding agent available as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, Cline Kanban servers have a cross-origin WebSocket hijacking vulnerability: the server accepts WebSocket connections opened by web pages from other origins. At time of publication, there are no publicly available patches.

Metrics

CVSS v3.1: 9.6
Severity: CRITICAL
Fixed in: no fix version published
Affected products: 1


HarborGuard Analysis

Synopsis

The cross-origin WebSocket hijacking vulnerability in Cline Kanban Server (versions 2.13.0 and prior) is reachable over the network without authentication, but requires the victim to visit a malicious page. Browsers do not apply the same-origin policy to WebSocket handshakes, so a server that does not validate the Origin header accepts a connection opened by any page the user happens to visit. A successful exploit gives the attacker full control of the resulting WebSocket session: reading the data it carries, tampering with in-flight messages, and disrupting the service. HarborGuard is tracking this advisory and will make a patched-image rebuild available as soon as an upstream fix is published.

HarborGuard Coverage

Detection: Available

Detection for CVE-2026-44211 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images that bundle the Cline SDK or CLI. Any image running cline at version 2.13.0 or earlier will surface as affected.
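The version matching described above, as an added example that is not HarborGuard's own matching logic or Cline's code: a local check that walks a package-lock.json (lockfile v2/v3 layout) and flags every install of the npm package `cline` at 2.13.0 or earlier. The package name `cline`, the lockfile contents, and the prerelease ordering rule are assumptions for this example.

```javascript
// Added example (not HarborGuard's or Cline's code): flag installs of the
// npm package "cline" at <= 2.13.0 by walking a package-lock.json "packages" map.
const AFFECTED_PACKAGE = "cline"; // assumption: the npm package name
const LAST_AFFECTED_VERSION = "2.13.0"; // from the advisory: 2.13.0 and prior

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]" into comparable parts.
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(v.trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] ?? null };
}

// Comparator returning <0, 0, >0. A prerelease sorts below the same core version
// without one (2.13.0-rc.1 < 2.13.0), so it still falls inside "<= 2.13.0".
// Prerelease-vs-prerelease ordering is simplified to string order here.
function compareSemver(a, b) {
  const pa = parseSemver(a), pb = parseSemver(b);
  for (let i = 0; i < 3; i++) {
    if (pa.core[i] !== pb.core[i]) return pa.core[i] - pb.core[i];
  }
  if (pa.pre === pb.pre) return 0;
  if (pa.pre === null) return 1;
  if (pb.pre === null) return -1;
  return pa.pre < pb.pre ? -1 : 1;
}

function isAffectedVersion(version) {
  return compareSemver(version, LAST_AFFECTED_VERSION) <= 0;
}

// Walk the lockfile's "packages" map and report every affected install path,
// including nested copies under other packages' node_modules.
function findAffectedInstalls(lockfile) {
  const hits = [];
  for (const [path, entry] of Object.entries(lockfile.packages ?? {})) {
    const name = entry.name ?? path.split("node_modules/").pop();
    if (name !== AFFECTED_PACKAGE || !entry.version) continue;
    if (isAffectedVersion(entry.version)) hits.push({ path, version: entry.version });
  }
  return hits;
}

// Constructed sample lockfile, not taken from any real project.
const SAMPLE_LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/cline": { version: "2.13.0" },
    "node_modules/some-tool/node_modules/cline": { version: "2.12.4" },
    "node_modules/other/node_modules/cline": { version: "2.13.1-beta.1" },
    "node_modules/left-pad": { version: "1.3.0" },
  },
};

console.log(JSON.stringify(findAffectedInstalls(SAMPLE_LOCKFILE), null, 2));
```

Point `findAffectedInstalls` at `JSON.parse(fs.readFileSync("package-lock.json"))` to run it against a real project; globally installed CLIs are not in a project lockfile and need a separate `npm ls -g cline` style check.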
Triage: Available

Triage is available with a CVSS score of 9.6 (Critical, v3.1), weighted against each customer environment's compliance policy to determine urgency and blast-radius context. Routing to the appropriate team inbox within each customer org is handled automatically based on image ownership and policy configuration.
Patch: Pending upstream

No upstream fix has been published for this CVE as of the publication date. HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment an upstream fix version is released; customers with auto-remediation enabled will receive the rebuild, a regression-test run, and a PR opened against affected workloads automatically.

Exploit Conditions

  • Network reachability: Required

    The attacker must be able to reach the Cline Kanban Server over the network, making any publicly or internally exposed instance a viable target.

  • Authentication: Not required

    No credentials or prior account access are needed to initiate the WebSocket hijack attempt.

  • Victim interaction: Required

    The victim must visit an attacker-controlled page while the Cline Kanban Server is reachable from their browser. That page opens a WebSocket to the server from its own origin, and because the server does not validate the Origin header, it accepts the cross-origin handshake and the attacker's page now holds a session with the server.

  • Attack complexity: Low (AC:L)

    The exploit is reliable and imposes no special environmental conditions or race-condition requirements.

Blast Radius

  • A successful attacker reads all data transiting the WebSocket session, including task state, code context, and any credentials or tokens exchanged with the Cline agent.
  • The attacker can inject or modify messages over the hijacked connection, altering agent instructions and corrupting in-progress coding tasks.
  • The attacker can terminate or disrupt the WebSocket session, crashing the Cline Kanban workflow and causing loss of in-flight task state.
  • Because the scope is changed (S:C in the CVSS vector), impact can extend beyond the Cline process itself to other resources accessible via the agent's execution context.

How HarborGuard Handles This

Available on HarborGuard: any image running cline at version 2.13.0 or earlier is flagged Critical (CVSS 9.6) and surfaced in the affected customer's policy-weighted triage queue. Because no upstream patch exists at this time, HarborGuard monitors the advisory on every ingest cycle and will make a patched-image rebuild available automatically once a fix version is published. For customers with auto-remediation enabled, the rebuild, regression-test run, and PR against affected workloads are triggered without manual intervention the moment the fix lands. In the interim, compensating controls to consider: network-policy isolation that limits which addresses can reach the Cline Kanban Server port; a reverse proxy in front of the server that rejects WebSocket upgrade requests whose Origin header is not on an explicit allowlist (the attack is driven from the victim's own browser, which can already reach the server, so egress filtering at the network edge does not see it); and feature-flag gating to disable the Kanban server surface entirely in environments where it is not actively required.

Affected packages
  • cline / cline, versions <= 2.13.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H