{"vulnerability": "cve-2026-42994", "sightings": [{"uuid": "e1170741-080c-4612-a110-ebecf196ee74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42994", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116497791564275450", "content": "\ud83d\udea9 CVE-2026-42994: Bitwarden CLI v2026.4.0 (npm, Apr 2026) has a HIGH severity OS Command Injection (CVSS 8.8) due to a supply chain compromise. No patch yet. Avoid this version & verify installs. More info: https://radar.offseq.com/threat/cve-2026-42994-cwe-78-improper-neutralization-of-s-70529260 #OffSeq #Bitwarden #AppSec", "creation_timestamp": "2026-05-01T06:00:28.653615Z"}, {"uuid": "f7d1dc33-4584-4280-bff4-292c5ced6a24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42994", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mkrha6jb7626", "content": "Bitwarden CLI v2026.4.0 (npm, Apr 2026) faces HIGH severity OS Command Injection (CVSS 8.8). Supply chain compromise \u2014 avoid this version & check your installs. No patch yet. https://radar.offseq.com/threat/cve-2026-42994-cwe-78-improper-neutralization-of-s-70529260 #OffSeq #Bitwarden #Vuln", "creation_timestamp": "2026-05-01T06:00:30.455444Z"}, {"uuid": "ee6134a8-8c13-4c61-a1b2-445bee2e044e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42994", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mkrjfrmfue2n", "content": "CVE-2026-42994 - Bitwarden CLI Malicious Code Injection\nCVE ID : CVE-2026-42994\n \n Published : May 1, 2026, 5:16 a.m. | 1\u00a0hour, 2\u00a0minutes ago\n \n Description : Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious cod...", "creation_timestamp": "2026-05-01T06:39:25.181462Z"}]}