CVE-2026-42994
CriticalSummary
Bitwarden CLI version 2026.4.0, obtained from npm on April 22, 2026, contained embedded malicious code. This incident is related to a Checkmarx supply chain issue.
Risk Assessment
The malicious code may lead to the compromise of user data and breaches of organizational security. Users could be exposed to attacks and loss of sensitive information.
Recommendation
It is recommended to immediately remove the installed version of Bitwarden CLI and update to the latest, secure version. A security audit of potentially affected systems should also be conducted.
Original NVD description (English source)
Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident.

