
Bitwarden CLI 2026.4.0 compromised in Checkmarx supply chain attack

dev | Apr 23, 2026

Bitwarden's CLI npm package version 2026.4.0 was compromised after attackers abused a GitHub Action in Bitwarden's CI/CD pipeline to insert malicious code. The injected code exfiltrated environment secrets and delivered credential-stealing malware through the npm package, enabling attackers to harvest credentials and propagate the malware. Security teams linked the compromise to the broader Checkmarx supply chain campaign, putting CI credentials, encrypted vault contents, and cryptocurrency keys at risk. Organizations using the CLI should treat 2026.4.0 as untrusted, rotate exposed secrets, audit CI workflows, and upgrade to a patched release.
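The first step in "treat 2026.4.0 as untrusted" is finding out where that version is actually installed. The following is an added example, not code from the article, Bitwarden, or npm: it scans npm lockfiles (v1, v2 and v3 formats) and the JSON produced by `npm ls --json` for the compromised version. It assumes the Bitwarden CLI is published as the npm package `@bitwarden/cli`; the version 2026.4.0 is the one named above, and the sample lockfile contents are constructed.

```python
"""Locate a known-compromised npm package version in lockfiles and `npm ls --json` output.

Added example (not Bitwarden's or npm's own code). Assumption: the Bitwarden CLI
is the npm package "@bitwarden/cli". The flagged version comes from the article.
"""
import json
import sys
from typing import Iterator

# Package name -> set of versions to treat as untrusted (version from the article).
COMPROMISED = {"@bitwarden/cli": {"2026.4.0"}}


def iter_packages(doc: dict) -> Iterator[tuple[str, str, str]]:
    """Yield (name, version, install_path) for every package in the document.

    Handles lockfileVersion 2/3 ("packages" keyed by node_modules path) and the
    nested "dependencies" tree used by lockfileVersion 1 and by `npm ls --json`.
    """
    for path, meta in doc.get("packages", {}).items():
        if not path:
            continue  # "" is the root project entry, not an installed package
        name = path.rsplit("node_modules/", 1)[-1]  # works for scoped names
        yield name, str(meta.get("version", "")), path

    def walk(deps: dict, prefix: str) -> Iterator[tuple[str, str, str]]:
        for name, meta in deps.items():
            loc = f"{prefix}/node_modules/{name}" if prefix else f"node_modules/{name}"
            yield name, str(meta.get("version", "")), loc
            yield from walk(meta.get("dependencies", {}), loc)

    yield from walk(doc.get("dependencies", {}), "")


def find_compromised(doc: dict) -> list[dict]:
    """Return one record per install location holding a compromised version."""
    hits, seen = [], set()
    for name, version, loc in iter_packages(doc):
        key = (name, version, loc)
        # v2 lockfiles carry both "packages" and "dependencies"; report each once.
        if key in seen:
            continue
        seen.add(key)
        if version in COMPROMISED.get(name, ()):
            hits.append({"name": name, "version": version, "location": loc})
    return hits


def scan_file(path: str) -> list[dict]:
    """Load a package-lock.json / npm-shrinkwrap.json / `npm ls --json` dump and scan it."""
    with open(path, encoding="utf-8") as fh:
        return find_compromised(json.load(fh))


# Constructed sample: a lockfileVersion 3 project that pins the bad release.
SAMPLE_LOCK_V3 = json.loads("""{
  "name": "ci-tools", "lockfileVersion": 3,
  "packages": {
    "": {"name": "ci-tools", "dependencies": {"@bitwarden/cli": "2026.4.0"}},
    "node_modules/@bitwarden/cli": {"version": "2026.4.0"},
    "node_modules/some-other-dep": {"version": "1.0.0"}
  }
}""")

# Constructed sample: `npm ls -g --json` output with no affected package.
SAMPLE_NPM_LS = json.loads("""{
  "dependencies": {"some-other-dep": {"version": "1.0.0"}}
}""")

if __name__ == "__main__":
    # Usage: python scan.py package-lock.json [more files...]
    # Exit status 1 if anything is found, so it can gate a CI job.
    findings = []
    for p in sys.argv[1:]:
        findings.extend({"file": p, **hit} for hit in scan_file(p))
    for f in findings:
        print(f"{f['file']}: {f['name']}@{f['version']} at {f['location']}")
    sys.exit(1 if findings else 0)
```

The scanner reports every install location rather than just the first match, because a compromised CLI can sit both in a project's `node_modules` and nested under another dependency; the dedupe handles v2 lockfiles, which list the same tree twice.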

Key Highlights

Bitwarden CLI version 2026.4.0 contained malicious code inserted through a GitHub Action.
Injected code exfiltrated environment secrets and pushed credential-stealing malware via npm.
Security teams tied the compromise to the Checkmarx supply chain campaign.