VYPR

Cline

by Cline

npm: cline

Source repositories

CVEs (2)

  • CVE-2026-30313CriMar 30, 2026
    risk 0.64cvss 9.8epss 0.01

    DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as…

  • CVE-2026-44211CriJun 1, 2026
    risk 0.62cvss 9.6epss 0.00

    Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches.