Malicious npm Package @bitwarden/cli Version 2026.4.0

60% confidence

Description

A malicious npm package published as @bitwarden/cli version 2026.4.0 executes a multi-stage payload that steals credentials from cloud providers, CI/CD systems, and developer workstations, and self-propagates by backdooring every npm package the victim can publish.

Affected Products

Vendor	Product	Versions
bitwarden	cli	2026.4.0

Related News (1 articles)

Tier C

Palo Alto Unit 424h ago

The npm Threat Landscape: Attack Surface and Mitigations

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-20

PublishedApr 24, 2026

Last enriched4h ago

Community Vote

0 upvotes0 downvotes

No votes yet

Malicious npm Package @bitwarden/cli Version 2026.4.0

Description

Affected Products

Related News (1 articles)

Community Vote

Pin to Dashboard

Verification

Vulnerability Timeline