Cline CVE-2026-59723
HIGHSeverity by source
AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Any internet site reaching loopback justifies AV:N over NVD's AV:A; AC:H reflects the required non-default state (ROOM_SECRET unset plus configured provider); UI:R as the victim must visit the page; S:C as browser origin control crosses into host actions.
Primary rating from Vendor (github).
CVSS VectorVendor: github
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, the Cline Hub dashboard server launched by the cline dashboard command accepts WebSocket connections on the /browser endpoint without validating the Origin header, and when ROOM_SECRET is unset for local 127.0.0.1 binds, isAuthorizedBrowserRequest() allows attacker-controlled websites to send desktopCommand frames that read workspace state, mutate MCP and provider settings, and trigger command execution when a provider or model is configured. This issue is fixed in version 3.0.30.
AnalysisAI
Cross-origin WebSocket hijacking in the Cline Hub dashboard server (the process started by cline dashboard) before version 3.0.30 lets a malicious website drive an active local Cline session. Because the /browser WebSocket endpoint does not validate the Origin header and isAuthorizedBrowserRequest() trusts any request when ROOM_SECRET is unset on a 127.0.0.1 bind, any site a victim visits can send desktopCommand frames to read workspace state, alter MCP and provider/model settings, and-when a provider or model is configured-invoke command execution on the developer's machine. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the victim be actively running the Cline Hub dashboard server via the `cline dashboard` command bound to 127.0.0.1 with the ROOM_SECRET environment variable unset (the condition under which isAuthorizedBrowserRequest() authorizes any browser request), and that the victim visit an attacker-controlled or compromised website in a browser on that same host (UI:R). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The NVD CVSS 3.1 score is 8.8 (High) with vector AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H, reflecting no authentication, a scope change, and full CIA impact, gated only by user interaction (the victim must have a vulnerable dashboard running and then visit a malicious page). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A developer runs `cline dashboard` on their workstation (loopback bind, ROOM_SECRET unset) with an AI provider already configured, then browses to a malicious or compromised web page in the same browser. JavaScript on that page opens a WebSocket to the local /browser endpoint-accepted because the Origin header is never checked-and sends desktopCommand frames to exfiltrate workspace state, rewrite MCP/provider settings, and trigger command execution on the host. … |
| Remediation | Vendor-released patch: upgrade Cline to 3.0.30 or later (release cli-v3.0.30), which adds Origin validation for the /browser WebSocket endpoint per the GitHub Security Advisory GHSA-3cj3-hqcr-g934 (https://github.com/cline/cline/security/advisories/GHSA-3cj3-hqcr-g934) and pull request https://github.com/cline/cline/pull/11724 (commit d09270940f5746f288cfc4a5039b46a2f4d5d01e). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Audit all Cline Hub deployments for affected versions; isolate dashboard processes from untrusted networks; verify ROOM_SECRET environment variable is configured. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-346 – Origin Validation Error
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today