{"uuid": "e1170741-080c-4612-a110-ebecf196ee74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42994", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116497791564275450", "content": "\ud83d\udea9 CVE-2026-42994: Bitwarden CLI v2026.4.0 (npm, Apr 2026) has a HIGH severity OS Command Injection (CVSS 8.8) due to a supply chain compromise. No patch yet. Avoid this version & verify installs. More info: https://radar.offseq.com/threat/cve-2026-42994-cwe-78-improper-neutralization-of-s-70529260 #OffSeq #Bitwarden #AppSec", "creation_timestamp": "2026-05-01T06:00:28.653615Z"}