CVE-2026-44211

Summary

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches.

Affected Software

VendorProductVersion RangeStatus
clinecline<= 2.13.0affected

Weaknesses

  • CWE-306: CWE-306: Missing Authentication for Critical Function
  • CWE-1385: CWE-1385: Missing Origin Validation in WebSockets

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References