softwarebay.de

Bitwarden CLI Victim of Cyber Attack

The Bitwarden CLI, the command-line interface of the password manager Bitwarden, has reportedly been compromised as part of a newly discovered and ongoing Checkmarx supply chain campaign. This information comes from security researchers at JFrog and Socket. The affected package version is @bitwarden/cli@2026.4.0. The malicious code was published in a file named bw1.js, which is part of the package contents. This discovery raises serious questions about the security of open-source software and its dependencies.

Security researchers have determined that the compromise of the Bitwarden CLI may have far-reaching implications for users who rely on this software to manage their passwords. The exact method by which the malicious code entered the package is currently unclear. Analysis by JFrog and Socket indicates that the attackers specifically targeted the supply chain to inject malicious software into legitimate packages. Such attacks have become increasingly common in recent years and pose a serious threat to cybersecurity. Bitwarden has responded to the incidents and recommends that users immediately uninstall the affected version and switch to a secure version.

The security situation is being continuously monitored to identify and mitigate further risks. The discovery of the malicious code in the Bitwarden CLI is not the first incident of this kind. Similar attacks on open-source projects have previously led to significant security incidents. The community is urged to remain vigilant and regularly perform updates. The security researchers at JFrog and Socket have already taken measures to stop the spread of the malicious code.

The researchers are working to inform affected users and close the security vulnerabilities. The incidents underscore the need for developers and companies to implement robust security practices, especially when using open-source software. The community is encouraged to follow security policies and regularly check for updates. The vulnerability was discovered on April 24, 2026, and the affected version has since been removed. Users should ensure that they upgrade to the latest secure version of the Bitwarden CLI.

Tags: Bitwarden Cybersecurity Checkmarx JFrog Socket Open-Source
