CVE-2026-44211: Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability
The kanban npm package (used by the cline CLI) starts a WebSocket server on 127.0.0.1:3484 with no Origin header validation. Any website a developer visits can silently connect to the kanban server via WebSocket and:
- Leak sensitive data in real-time: workspace filesystem paths, task titles/descriptions, git branch info, AI agent chat messages
- Hijack running AI agent terminals by injecting arbitrary prompts into the agent’s input, leading to remote code execution
- Kill running agent tasks by terminating active sessions via the control WebSocket
WebSocket handshakes are not subject to the same-origin policy or CORS: the browser initiates them to localhost from any page origin and merely attaches an Origin header, so the server is the only party in a position to refuse. The kanban server accepts every connection without checking that header.
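The missing check is a small one, and the contrast is easiest to see in code. The following is an added example, not code from the kanban package or the cline project: a Node.js `upgrade` handler that refuses cross-site WebSocket handshakes by validating the Origin header against an allowlist before the connection is handed to any WebSocket implementation. The allowlisted hostnames, the `acceptWebSocket` callback and the constructed handshake requests are assumptions; only the port 3484 comes from the advisory.

```javascript
'use strict';

// Origins permitted to open a WebSocket to the local server. Port 3484 is the
// one named in the advisory; which local UI pages legitimately talk to it is an
// assumption made for this example.
const ALLOWED_ORIGINS = new Set([
  'http://127.0.0.1:3484',
  'http://localhost:3484',
]);

// Decide whether a handshake's Origin header is acceptable.
// - A browser always sends Origin on a WebSocket handshake, so any browser page
//   not on the allowlist (including the opaque origin "null") is refused.
// - A missing Origin means a non-browser client such as a CLI. Accepting it is a
//   design choice made here; a per-session token would be stronger.
function originAllowed(headers, allowlist = ALLOWED_ORIGINS) {
  const origin = headers['origin'];
  if (origin === undefined) return true;          // non-browser client
  if (typeof origin !== 'string') return false;   // malformed or duplicated header
  const normalized = origin.trim().toLowerCase(); // scheme and host are case-insensitive
  if (normalized === 'null') return false;        // sandboxed iframe, file://, etc.
  return allowlist.has(normalized);
}

// Handler for Node's http.Server 'upgrade' event. The vulnerable pattern is to
// pass every upgrade straight to the WebSocket implementation; the hardened
// pattern answers 403 and closes the socket before any frame is exchanged.
// acceptWebSocket stands in for whatever WebSocket library completes the handshake.
function handleUpgrade(req, socket, acceptWebSocket) {
  if (!originAllowed(req.headers)) {
    socket.write('HTTP/1.1 403 Forbidden\r\nConnection: close\r\n\r\n');
    socket.destroy();
    return false;
  }
  acceptWebSocket(req, socket);
  return true;
}

// Constructed handshake requests standing in for what a browser would send:
// one from an unrelated site the developer happens to have open, one from the
// local UI itself.
const crossSiteRequest = {
  headers: { host: '127.0.0.1:3484', origin: 'https://attacker.example', upgrade: 'websocket' },
};
const localUiRequest = {
  headers: { host: '127.0.0.1:3484', origin: 'http://localhost:3484', upgrade: 'websocket' },
};

// Minimal stand-in for a net.Socket that records what was written to it.
function fakeSocket() {
  return {
    written: '',
    destroyed: false,
    write(s) { this.written += s; },
    destroy() { this.destroyed = true; },
  };
}

// Run both requests through the hardened handler and report the outcome.
function demo() {
  const results = {};
  for (const [name, req] of Object.entries({ crossSiteRequest, localUiRequest })) {
    const sock = fakeSocket();
    let accepted = false;
    handleUpgrade(req, sock, () => { accepted = true; });
    results[name] = {
      accepted,
      destroyed: sock.destroyed,
      response: sock.written.split('\r\n')[0],
    };
  }
  return results;
}

console.log(demo());
```

With an allowlist in place the cross-site request is answered with a 403 and never reaches the WebSocket layer, so none of the task, path or chat data can be read and no prompt can be injected; the local UI request is accepted as before. Detection-wise, the same handler is a natural place to log the rejected origin, which turns a silent hijack attempt into a visible event.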