Bitwarden · Bitwarden Cli · CVE-2026-42994
**Name of the Vulnerable Software and Affected Versions**
Bitwarden CLI version 2026.4.0
**Description**
Bitwarden CLI version 2026.4.0, when obtained from npm, contained embedded malicious code. This issue is associated with a Checkmarx supply chain incident, where malicious code was injected into the software distribution channel.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.