CVE-2026-44211 - Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability

📡 GitHub-Advisory · 2026-05-08

GHSA-5c57-rqjx-35g2 CRITICAL npm/cline

CVE: CVE-2026-44211

Summary

The kanban npm package (used by the cline CLI) starts a WebSocket server on 127.0.0.1:3484 with no Origin header validation. Any website a developer visits can silently connect to the kanban server via WebSocket and:

1. Leak sensitive data in real-time: workspace filesystem paths, task titles/descriptions, git branch info, AI agent chat messages

2. Hijack running AI agent terminals by injecting arbitrary prompts into the agent's input, leading to remote code execution

3. Kill running agent tasks by terminating active sessions via the control WebSocket

WebSocket handshakes are not subject to the same-origin policy or CORS: a browser will open one to localhost from any page, attaching the page's Origin header but enforcing nothing on it, so rejecting unwanted origins is entirely the server's job. The kanban server accepts every connection without checking that header.
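What an Origin check on the upgrade path looks like, as an added example written for this advisory and not taken from the cline/kanban code base. It assumes the UI is served from the same loopback host and port (3484) and that a missing Origin header means a non-browser client; `hub.handleUpgrade` in the wiring comment is a placeholder name.

```javascript
"use strict";

// Origins allowed to open a WebSocket to the local server. Assumed values:
// the kanban UI is served from the same loopback host and port (3484).
const ALLOWED_ORIGINS = new Set([
  "http://127.0.0.1:3484",
  "http://localhost:3484",
]);

// Decide whether an upgrade request's Origin header is acceptable.
// Browsers always send Origin on a WebSocket handshake, so a missing header
// means a non-browser client (CLI, curl); that case is accepted here because
// cross-site WebSocket hijacking only works through a browser.
function isAllowedOrigin(originHeader) {
  if (originHeader === undefined) return true;
  if (typeof originHeader !== "string") return false;
  let parsed;
  try {
    parsed = new URL(originHeader);
  } catch {
    return false; // "null" (opaque origin) or a malformed value: reject
  }
  // Exact-match the serialized origin; a prefix or substring check would let
  // "http://127.0.0.1:3484.attacker.example" through.
  return ALLOWED_ORIGINS.has(parsed.origin);
}

// Gate to run at the top of an http.Server "upgrade" handler, before the
// socket is handed to any WebSocket hub. Returns true if the handshake may
// continue; otherwise answers 403 and closes the raw socket.
function guardUpgrade(request, socket) {
  if (isAllowedOrigin(request.headers.origin)) return true;
  socket.write("HTTP/1.1 403 Forbidden\r\nConnection: close\r\n\r\n");
  socket.destroy();
  return false;
}

// Wiring (hub.handleUpgrade is a placeholder for the real WebSocket handoff):
//   server.on("upgrade", (request, socket, head) => {
//     if (!guardUpgrade(request, socket)) return;
//     hub.handleUpgrade(request, socket, head);
//   });
```

Origin validation closes the cross-site browser vector described here; it does not replace per-connection authentication, which the advisory notes is also absent.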

Affected Component

  • Package: kanban on npm (https://www.npmjs.com/package/kanban)
  • Repository: https://github.com/cline/kanban
  • Tested version: 0.1.59
  • Installed via: cline CLI (cline --kanban or default cline command)
  • Endpoints: ws://127.0.0.1:3484/api/runtime/ws, ws://127.0.0.1:3484/api/terminal/io, ws://127.0.0.1:3484/api/terminal/control

Root Cause

Three WebSocket endpoints are exposed without authentication or Origin validation.

1. Runtime state stream (no Origin check on upgrade)

server.on("upgrade", (request, socket, head) => {
    // requestUrl and requestedWorkspaceId are derived from `request` earlier
    // in the handler (not shown in this excerpt).
    if (normalizeRequestPath(requestUrl.pathname) !== "/api/runtime/ws") {
        return;
    }
    // No Origin header validation. Any website can connect.
    deps.runtimeStateHub.handleUpgrade(request, socket, head, { requestedWorkspaceId });
});

On connection, the server immediately sends a full snapshot of the developer's workspace:

sendRuntimeStateMessage(client, {
    type: "snapshot",
    currentProjectId: projectsPayload.currentProjectId,
    projects: projectsPayload.projects,       // filesystem paths
    workspaceState,                            // tasks, git info, board
    w                                          // excerpt truncated in the source page
});
