Sagilayani

#13742 of 53,633 · Total CVSS 19.6 · Vulnerabilities: 2 · Critical: 2

PT-2026-39238 · CVSS 9.6 · 2026-05-08

Npm · Kanban · CVE-2026-44211
**Name of the Vulnerable Software and Affected Versions**

- kanban versions 0.1.0 through 0.1.59
- cline versions prior to 2.13.1

**Description**

The `kanban` npm package, used by the `cline` CLI, implements a WebSocket server on `127.0.0.1:3484` that lacks Origin header validation. WebSocket handshakes are not governed by Cross-Origin Resource Sharing (CORS) checks: the browser only attaches an Origin header and leaves it to the server to verify, so any website visited by a developer can silently connect to this server. This allows a malicious site to leak sensitive real-time data, including workspace filesystem paths, git branch information, task titles, and AI agent chat messages. Furthermore, an attacker can hijack running AI agent terminals by injecting arbitrary prompts, which can lead to remote code execution (RCE), or terminate active sessions, resulting in a denial of service.

The issue affects the following endpoints:

- `ws://127.0.0.1:3484/api/runtime/ws`
- `ws://127.0.0.1:3484/api/terminal/io`
- `ws://127.0.0.1:3484/api/terminal/control`

**Recommendations**

- For kanban versions 0.1.0 through 0.1.59, validate the Origin header on all WebSocket upgrade requests to reject connections from origins other than the kanban UI.
- For cline versions prior to 2.13.1, update the CLI tools to a version that includes a fix.
- Implement a session token generated at server startup that must be provided as a query parameter for all WebSocket connections.
- Authenticate terminal WebSocket connections to verify the client is the legitimate kanban UI.