
Critical WebSocket Hijack Flaw in Cline Kanban AI Agent Allows Remote Code Execution

DEV Community·BeyondMachines·25 days ago

Summary

A critical vulnerability in the Cline Kanban server (CVSS 9.7) allows malicious websites to hijack AI coding agents and execute arbitrary commands on a developer's machine.

Take Action:

If you're using Cline's Kanban component, immediately update the Kanban npm package to version 0.1.66 or later. Also, turn off the "Enable bypass permissions" setting so the AI agent can't run shell commands without your manual approval.




This article was originally published on BeyondMachines
