Critical WebSocket Flaw in Cline Kanban Allows Hijacking of AI Coding Agents

Oasis Security identified a critical WebSocket flaw in Cline kanban that allows malicious websites to hijack AI coding agents. The vulnerability exposes these agents to unauthorized control or data exfiltration by exploiting insecure WebSocket connections. No specific CVE ID, date of discovery, or affected version numbers were disclosed in the report. The flaw impacts AI-driven coding tools integrated with Cline kanban, potentially enabling attackers to manipulate or intercept sensitive development workflows. The research highlights risks associated with improper WebSocket implementation in AI-assisted development environments. No mitigation steps or patches were mentioned in the available details.