npm package
cline
pkg:npm/cline
Malware
2 malicious versions on record
One or more versions of this package have been flagged as containing malicious code. Audit any system that installed an affected version.
- MAL-2026-1380Malicious code in cline (npm)Mar 12, 2026
- GHSA-9ppg-jx86-fqw7Unauthorized npm publish of cline@2.3.0 with modified postinstall scriptFeb 19, 2026
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-44211 | Cri | 9.6 | <= 2.13.0 | — | Jun 1, 2026 | Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches. |
- affected <= 2.13.0
Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches.