Vulnerabilities4 min read
Cline AI Agent Flaw Let Any Website Execute Code on Developer Machines
CVE-2026-44211 (CVSS 9.7) allowed malicious websites to hijack Cline's Kanban WebSocket server, exfiltrate workspace data, and execute arbitrary commands through the AI agent. Patched in v0.1.66.
Marcus ChenMay 12, 2026