CRITICAL
cline
CVE published 2026-06-01
CVE-2026-44211
A critical cross-origin WebSocket hijack vulnerability affects Cline, an autonomous coding agent distributed as an SDK, IDE extension, and CLI assistant. The flaw exists in Cline's Kanban server functionality in versions 2.13.0 and prior. The vulnerability allows network-based attackers to compromise WebSocket connections without authentication, with the attack complexity rated low and requiring user inte [truncated]