CVE-2026-59723
Cline · Cline
Cline contains an Origin Validation Error (CWE-346) that can allow unauthorized cross-origin interactions with the coding agent.
Executive summary
An origin validation vulnerability in the Cline autonomous coding agent could allow an attacker to perform unauthorized actions, posing a significant risk to development environments.
Vulnerability
This vulnerability involves a failure to properly validate the origin of incoming requests, potentially allowing malicious actors to interact with the Cline IDE extension or CLI assistant. The attack vector is identified as adjacent, requiring user interaction to facilitate the exploitation of the origin validation flaw.
Business impact
Successful exploitation of this vulnerability could lead to unauthorized code execution or sensitive information disclosure within a developer's environment. Given the high CVSS score of 8.8, this flaw represents a significant risk to the integrity of software development pipelines and the confidentiality of source code repositories.
Remediation
Immediate Action: Update the Cline extension or CLI tool to version 3.0.30 or later immediately.
Proactive Monitoring: Review IDE and system logs for unexpected outbound network connections or unauthorized command execution patterns originating from the Cline extension.
Compensating Controls: Ensure development environments are isolated from untrusted local networks and maintain strict endpoint security controls to monitor for suspicious process behavior.
Exploitation status
Public Exploit Available: false
Analyst recommendation
The severity of this vulnerability necessitates immediate attention. Administrators and individual developers should verify their current version of Cline and apply the 3.0.30 update without delay to prevent potential cross-origin attacks against their development environment.