—

CVE-2026-42994EXPLOITED

bitwarden · bitwarden cli

CVE-2026-42994: Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code.

Description

A compromised Bitwarden CLI npm package allows a remote, anonymous attacker to steal credentials and exfiltrate sensitive information.

Affected Products

Vendor	Product	Versions
bitwarden	bitwarden cli	2026.4.0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
open source	bitwarden	cert_advisory	90%

References

https://community.bitwarden.com/t/bitwarden-statement-on-checkmarx-supply-chain-incident/96127

Related News (2 articles)

Tier B

BSI Advisories3h ago

[NEU] [hoch] Bitwarden CLI (npm): Kompromittiertes Paket ermöglicht den Diebstahl von Anmeldedaten und die Exfiltration von Informationen

→ No new info (linked only)

Tier C

VulDB3d ago

CVE-2026-42994 | Bitwarden CLI 2026.4.0 os command injection

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-78

PublishedMay 1, 2026

Last enriched3h agov3

Trending Score68

Source articles2

Independent2

Info Completeness8/14

Missing: cvss, epss, kev, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

Version History

Last enriched 3h ago

v3Tier B3h ago

Updated description with new details about credential theft and changed severity to HIGH.

descriptionseverityexploitAvailable

via BSI Advisories

v2Tier C3d ago

Updated description with details on OS command injection and changed severity to CRITICAL.

descriptionseverityactivelyExploited

via VulDB

v13d ago

Initial creation