CVE-2026-59723

Cline · Cline

Cline contains an Origin Validation Error (CWE-346) that can allow unauthorized cross-origin interactions with the coding agent.

Executive summary

An origin validation vulnerability in the Cline autonomous coding agent could allow an attacker to perform unauthorized actions, posing a significant risk to development environments.

Vulnerability

This vulnerability involves a failure to properly validate the origin of incoming requests, potentially allowing malicious actors to interact with the Cline IDE extension or CLI assistant. The attack vector is identified as adjacent, requiring user interaction to facilitate the exploitation of the origin validation flaw.

Business impact

Successful exploitation of this vulnerability could lead to unauthorized code execution or sensitive information disclosure within a developer's environment. Given the high CVSS score of 8.8, this flaw represents a significant risk to the integrity of software development pipelines and the confidentiality of source code repositories.

Remediation

Immediate Action: Update the Cline extension or CLI tool to version 3.0.30 or later immediately.

Proactive Monitoring: Review IDE and system logs for unexpected outbound network connections or unauthorized command execution patterns originating from the Cline extension.

Compensating Controls: Ensure development environments are isolated from untrusted local networks and maintain strict endpoint security controls to monitor for suspicious process behavior.

Exploitation status

Public Exploit Available: false

Analyst recommendation

The severity of this vulnerability necessitates immediate attention. Administrators and individual developers should verify their current version of Cline and apply the 3.0.30 update without delay to prevent potential cross-origin attacks against their development environment.