CVE-2026-42994

UNKNOWN 0.0

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident.

CWE	CWE-78
Vendor	bitwarden
Product	bitwarden cli
Published	May 1, 2026

Stay Ahead of the Next One

Get instant alerts for bitwarden bitwarden cli

Be the first to know when new unknown vulnerabilities affecting bitwarden bitwarden cli are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Bitwarden / Bitwarden CLI

2026.4.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

community.bitwarden.com: https://community.bitwarden.com/t/bitwarden-statement-on-checkmarx-supply-chain-incident/96127