Vulnerability-Lookup

mal-2026-1380

Vulnerability from ossf_malicious_packages

Published

2026-03-12 22:33

Modified

2026-03-12 22:33

Summary

Malicious code in cline (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: google-open-source-security (ba9952611b2aa348b1b5cc0349d7b905e32d34effa53081994388c37d0d3462a)

An unauthorized party used a compromised npm publish token to publish v2.3.0 of the Cline CLI on the NPM. The compromise added a postinstall script that globally installed openclaw.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "cline"
      },
      "versions": [
        "2.3.0"
      ]
    }
  ],
  "aliases": [
    "GHSA-9ppg-jx86-fqw7"
  ],
  "database_specific": {
    "malicious-packages-origins": [
      {
        "import_time": "2026-03-12T22:34:51.899506Z",
        "modified_time": "2026-03-12T22:33:41Z",
        "sha256": "ba9952611b2aa348b1b5cc0349d7b905e32d34effa53081994388c37d0d3462a",
        "source": "google-open-source-security",
        "versions": [
          "2.3.0"
        ]
      }
    ]
  },
  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: google-open-source-security (ba9952611b2aa348b1b5cc0349d7b905e32d34effa53081994388c37d0d3462a)\nAn unauthorized party used a compromised npm publish token to publish v2.3.0\nof the Cline CLI on the NPM. The compromise added a postinstall script that\nglobally installed openclaw.\n",
  "id": "MAL-2026-1380",
  "modified": "2026-03-12T22:33:41Z",
  "published": "2026-03-12T22:33:41Z",
  "references": [
    {
      "type": "REPORT",
      "url": "https://github.com/advisories/GHSA-9ppg-jx86-fqw7"
    }
  ],
  "schema_version": "1.7.4",
  "summary": "Malicious code in cline (npm)"
}

GHSA-9PPG-JX86-FQW7

Vulnerability from github – Published: 2026-02-19 15:17 – Updated: 2026-02-19 15:17

Summary

Unauthorized npm publish of cline@2.3.0 with modified postinstall script

Details

Description

On February 17, 2026 at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI on the NPM registry: cline@2.3.0. The published package contains a modified package.json with an added postinstall script: "postinstall": "npm install -g openclaw@latest" This causes openclaw (an unrelated, non-malicious open source package) to be globally installed when cline@2.3.0 is installed. No other files were modified -- the CLI binary (dist/cli.mjs) and all other package contents are identical to the legitimate cline@2.2.3 release. A corrected version (2.4.0) was published at 11:23 AM PT and 2.3.0 was deprecated at 11:30 AM PT. The compromised token has been revoked and npm publishing now uses OIDC provenance via GitHub Actions.

Impact

Users who installed Cline CLI cline@2.3.0 during the approximately 8-hour window between 3:26 AM PT and 11:30 AM PT on February 17 will have openclaw globally installed. The openclaw package is a legitimate open source project and is not malicious, but its installation was not authorized or intended.

The Cline VS Code extension and JetBrains plugin were not affected. This advisory applies only to the Cline CLI package published on npm.

Patches

Versions 2.4.0 and higher are fixed

Workarounds

If you installed Cline CLI cline@2.3.0: 1. Update to the latest version of the Cline CLI cline update or npm installl -g cline@latest 2. Verify that you have a fixed version (2.4.0 or higher) cline --version 3. Review your environment for any unexpected installation of OpenClaw and remove it if not intended npm uninstall -g openclaw

Show details on source website