CVE-2026-44211

Source
https://cve.org/CVERecord?id=CVE-2026-44211
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-44211.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-44211
Aliases
Published
2026-06-01T16:01:55.587Z
Modified
2026-07-08T08:14:45.820642215Z
Severity
  • 9.6 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
Summary
Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability
Details

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-1385",
        "CWE-306"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/44xxx/CVE-2026-44211.json"
}
References

Affected packages

Git / github.com/cline/cline

Affected ranges

Type
GIT
Repo
https://github.com/cline/cline
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.13.0"
        }
    ],
    "cpe": "cpe:2.3:a:cline:cline:*:*:*:*:*:*:*:*"
}

Affected versions

Other
cli-build-024bb65
cli-build-4d455ea
cli-build-6278382
cli-build-6b07e8c
cli-build-a03642b
cli-build-b2bfc3d
v0.*
v0.0.1-cli
v0.0.2-cli
v1.*
v1.0.4
v1.0.51
v1.0.6
v1.0.61
v1.0.62
v1.0.7
v1.0.71
v1.0.72
v1.0.73
v1.0.82
v1.0.84
v1.0.85
v1.0.9
v1.0.91
v1.0.92
v1.0.93
v1.0.94
v1.0.95
v1.0.98
v1.1.0
v1.1.1
v1.1.12
v1.1.13
v1.1.14
v1.1.15
v1.2.0
v1.3.0
v1.4.0
v1.5.0
v1.5.13
v1.5.19
v1.5.27
v1.5.4
v1.5.6
v1.6.0
v1.6.5
v1.7.0
v1.8.0
v1.9.0
v2.*
v2.0.0
v2.0.4-cli
v2.0.5-cli
v2.1.0
v2.11.0-cli
v2.12.0-cli
v2.13.0-cli
v2.2.0
v2.2.0-cli
v2.2.1-cli
v2.2.2-cli
v2.2.3-cli
v2.4.0-cli
v2.4.1-cli
v2.4.2-cli
v2.4.3-cli
v2.5.0-cli
v2.5.1-cli
v2.5.2-cli
v2.6.0-cli
v2.6.1-cli
v2.7.0-cli
v2.7.1-cli
v2.8.0-cli
v2.8.1-cli
v2.8.2-cli
v2.9.0-cli
v3.*
v3.0.0
v3.1.0
v3.10.0
v3.10.1
v3.11.0
v3.11.1
v3.12.0
v3.12.1
v3.12.2
v3.12.3
v3.13.1
v3.13.2
v3.13.3
v3.14.0
v3.15.0
v3.15.1
v3.15.2
v3.15.3
v3.15.4
v3.15.5
v3.16.1
v3.16.2
v3.16.3
v3.17.0
v3.17.1
v3.17.10
v3.17.11
v3.17.12
v3.17.13
v3.17.14
v3.17.14-a
v3.17.15
v3.17.16
v3.17.2
v3.17.3
v3.17.4
v3.17.5
v3.17.6
v3.17.7
v3.17.8
v3.17.9
v3.18.0
v3.18.1
v3.18.10
v3.18.11
v3.18.12
v3.18.13
v3.18.14
v3.18.15
v3.18.2
v3.18.3
v3.18.4
v3.18.5
v3.18.6
v3.18.9
v3.19.2
v3.19.3
v3.19.4
v3.19.5
v3.19.6
v3.19.7
v3.19.8
v3.2.0
v3.2.6
v3.2.7
v3.2.8
v3.2.9
v3.20.0
v3.20.1
v3.20.11
v3.20.12
v3.20.13
v3.20.2
v3.20.3
v3.20.4
v3.20.5
v3.20.6
v3.20.7
v3.20.8
v3.20.9
v3.21.0
v3.22.0
v3.23.0
v3.24.0
v3.25.0
v3.25.1
v3.25.2
v3.25.3
v3.26.0
v3.26.1
v3.26.2
v3.26.3
v3.26.4
v3.26.5
v3.26.6
v3.28.0
v3.28.1
v3.28.2
v3.28.3
v3.28.4
v3.29.0
v3.29.1
v3.29.2
v3.3.0
v3.30.0
v3.30.1
v3.30.2
v3.30.3
v3.31.0
v3.31.1
v3.32.0
v3.32.1
v3.32.2
v3.32.3
v3.32.4
v3.32.5
v3.32.6
v3.32.6-cli
v3.32.7
v3.33.0
v3.33.1
v3.34.0
v3.34.1
v3.35.0
v3.35.1
v3.36.0
v3.36.1
v3.37.0
v3.37.1
v3.38.0
v3.38.1
v3.38.3
v3.39.0
v3.39.1
v3.39.2
v3.4.0
v3.40.0
v3.41.0
v3.42.0
v3.43.0
v3.43.1
v3.44.0
v3.44.1
v3.44.2
v3.45.0
v3.46.0
v3.46.1
v3.47.0
v3.48.0
v3.49.0
v3.49.1
v3.5.0
v3.5.1
v3.50.0
v3.51.0
v3.52.0
v3.53.0
v3.53.1
v3.54.0
v3.55.0
v3.56.0
v3.57.0
v3.57.1
v3.58.0
v3.59.0
v3.6.0
v3.6.9
v3.61.0
v3.62.0
v3.63.0
v3.64.0
v3.65.0
v3.66.0
v3.67.0
v3.67.1
v3.68.0
v3.69.0
v3.7.0
v3.7.1
v3.70.0
v3.71.0
v3.72.0
v3.73.0
v3.74.0
v3.75.0
v3.76.0
v3.77.0
v3.8.0
v3.8.3
v3.8.4
v3.8.5
v3.8.6
v3.9.0
v3.9.1
v3.9.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-44211.json"