Cline Kanban Vulnerability Exposes AI Coding Agents to Security Risks
A critical security flaw has been identified in the Cline Kanban server, part of a widely used open-source AI coding assistant. The vulnerability allows any website a developer visits to exfiltrate workspace data, inject commands, or terminate active sessions. The flaw, rated with a CVSS score of 9.7, was discovered by Oasis Security researchers and affects version 0.1.59 of the Kanban npm package.

The issue arises from missing origin validation and authentication on three WebSocket endpoints exposed by the local server. These endpoints handle runtime state, terminal I/O, and session control, so an unauthenticated connection from a third-party web page can reach sensitive data and command execution. The impact is exacerbated by Cline's default 'bypass permissions' setting, which permits the AI agent to execute shell commands without user authorization.