CVE-2026-44211: Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability

Severity: Critical

CVSS Score: 9.7

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches.