
Bitwarden CLI Compromised in GitHub Actions Supply Chain Attack: What It Means For You

Attackers compromised the Bitwarden CLI (v2026.4.0) via a GitHub Actions supply-chain attack, injecting malware that steals developer credentials. Affected organizations must assume exposure, rotate secrets immediately, and audit CI/CD pipelines for compromise.

A malicious version of the Bitwarden command-line interface (CLI) was distributed through npm after attackers compromised the project’s CI/CD pipeline. Security companies including Socket and JFrog have published analyses of what happened and what it means for security teams.

The affected package, @bitwarden/cli version 2026.4.0, was tampered with prior to publication, allowing attackers to inject credential-stealing malware into what appeared to be a legitimate release. Researchers say the compromise is part of a broader campaign exploiting trusted GitHub Actions workflows, including those tied to Checkmarx, to infiltrate software supply chains.

According to Socket, the attackers gained access to Bitwarden’s CI/CD pipeline by abusing a compromised GitHub Action. This allowed them to modify the build process itself, inserting malicious code into the package before it was published to npm. JFrog’s analysis confirmed that the injected payload was designed to execute during installation, targeting developer environments where the CLI is commonly used.

The malware focused on harvesting sensitive data at scale. Both research teams report that it attempted to extract GitHub and npm authentication tokens, SSH private keys, environment variables stored in .env files, shell history, and cloud service credentials. That data was then exfiltrated to attacker-controlled infrastructure, including private domains and, in some cases, GitHub repositories using stolen credentials.

Researchers warn that the impact can quickly extend beyond the initially compromised system. If stolen credentials are used to push secrets into public or accessible repositories, they can be discovered and abused by other threat actors, creating a cascading exposure risk across organizations and development ecosystems.

The attack highlights a growing shift in adversary tactics toward CI/CD pipelines and developer tooling. By compromising trusted automation workflows, attackers can inject malicious code into widely used packages without needing to exploit downstream users directly. In this case, the abuse of GitHub Actions allowed the threat actor to operate inside a legitimate build process, making the malicious package difficult to distinguish from a normal release.

The compromised Bitwarden CLI version has since been identified and removed, and there is no indication that Bitwarden’s core services or vault infrastructure were impacted. However, both Socket and JFrog emphasize that any environment that installed version 2026.4.0 should be treated as potentially compromised.

Security teams are being urged to take immediate action. Recommended steps include:

  • Rotating all credentials that may have been exposed, including GitHub, npm, cloud, and SSH keys
  • Reviewing GitHub repositories for unauthorized commits or leaked secrets
  • Auditing CI/CD pipelines for unexpected changes or the use of untrusted GitHub Actions

Organizations should also verify that they are running a known safe version of the Bitwarden CLI and review system logs for signs of suspicious outbound connections or data exfiltration.

Given the malware’s focus on developer environments, teams should pay particular attention to build servers, developer workstations, and any systems with access to sensitive tokens.
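As an added example (not from the article, and not code from Bitwarden, Socket or JFrog), the following Python script implements two of the checks recommended above using only the standard library: it scans a package-lock.json for the compromised @bitwarden/cli release named in the article, and it flags GitHub Actions `uses:` references in a workflow file that are not pinned to a full 40-character commit SHA, which is the generalization of "untrusted GitHub Actions" that a pipeline audit usually starts from, since a mutable tag can be repointed while a commit SHA cannot. The lockfile and workflow contents are constructed sample inputs, and the SHA in the sample workflow is a placeholder, not a real action commit.

```python
import json
import re

# Package and version named in the article as the compromised release.
COMPROMISED_VERSIONS = {"@bitwarden/cli": {"2026.4.0"}}

_SHA40 = re.compile(r"^[0-9a-f]{40}$")
# Matches `uses: owner/repo@ref`, optionally quoted, optionally as a list item.
_USES = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")


def find_compromised_packages(lock_json: str) -> list[tuple[str, str, str]]:
    """Scan a package-lock.json and return (install_path, name, version) for
    every entry whose version is on the compromised list."""
    lock = json.loads(lock_json)
    if "packages" in lock:  # lockfile v2/v3: keys look like "node_modules/@scope/name"
        entries = ((path.rsplit("node_modules/", 1)[-1], path, meta)
                   for path, meta in lock["packages"].items() if path)
    else:  # lockfile v1: flat "dependencies" map keyed by package name
        entries = ((name, "node_modules/" + name, meta)
                   for name, meta in lock.get("dependencies", {}).items())
    hits = []
    for name, path, meta in entries:
        version = meta.get("version", "")
        if version in COMPROMISED_VERSIONS.get(name, set()):
            hits.append((path, name, version))
    return hits


def find_unpinned_actions(workflow_yaml: str) -> list[tuple[int, str]]:
    """Return (line_number, reference) for every `uses:` that is not pinned to a
    full commit SHA. Local (./) and docker:// references are skipped because they
    are not resolved from a third-party repository at run time."""
    unpinned = []
    for lineno, line in enumerate(workflow_yaml.splitlines(), start=1):
        m = _USES.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        _, _, pin = ref.partition("@")  # pin is "" when no @ref is given at all
        if not _SHA40.match(pin):
            unpinned.append((lineno, ref))
    return unpinned


def audit(lock_json: str, workflow_yaml: str) -> dict:
    """Combine both checks into one report."""
    return {
        "compromised_packages": find_compromised_packages(lock_json),
        "unpinned_actions": find_unpinned_actions(workflow_yaml),
    }


# Constructed sample inputs (not taken from any real project).
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/@bitwarden/cli": {"version": "2026.4.0"},
        "node_modules/left-pad": {"version": "1.3.0"},
    },
})

SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # placeholder SHA
      - uses: actions/setup-node@v4
      - uses: ./.github/actions/local-step
      - run: npm ci
"""

if __name__ == "__main__":
    report = audit(SAMPLE_LOCK, SAMPLE_WORKFLOW)
    for path, name, version in report["compromised_packages"]:
        print(f"[!] compromised {name}@{version} installed at {path}: remove it and rotate secrets")
    for lineno, ref in report["unpinned_actions"]:
        print(f"[!] workflow line {lineno}: {ref} is not pinned to a commit SHA")
```

In a real audit, run `find_compromised_packages` over every package-lock.json on build servers and workstations and `find_unpinned_actions` over every file under `.github/workflows/`; a hit on the first check is the signal to treat that host as compromised and start the credential rotation described above.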
