Critical “Cline” AI Agent Vulnerability Enables RCE Attacks
Cline’s kanban server exposes localhost WebSocket access by default. CVE-2026-44211 lets malicious pages read data and inject commands remotely. That turns a coding assistant into an RCE path. Validate origin headers, add session tokens, and avoid browsing while it runs.
Key points
- Cline’s local server trusts the browser.
- A malicious webpage can steal workspace data and inject terminal commands silently.
- The bug is CVE-2026-44211.
- Port 3484 and missing origin checks make the exploit work on macOS, Linux, and Windows.
- Developers should stop running it exposed and add origin validation now.
This is one of fifty stories I surfaced this week from Surface — a tiny slice of the full feed.
