CoinFeed
Bitwarden CLI version 2026.4.0 was released as a malicious package via npm. Affected users are advised to upgrade immediately.
Time 01:40


April 24, 2026
CoinFeed News

CoinFeed reported on April 24th that, according to a notice from the Bitwarden security team forwarded by 23pds, Chief Information Security Officer of SlowMist, version 2026.4.0 of the Bitwarden CLI was released as a malicious package via npm between 5:57 PM and 7:30 PM ET on April 22nd as a result of the Checkmarx supply chain attack. Only users who installed it via npm during this time window were affected. According to the official confirmation, Vault data was not leaked and the production system was not compromised. Affected users are advised to immediately uninstall version 2026.4.0, clear their npm cache, rotate sensitive credentials such as API tokens and SSH keys, check for unusual activity on GitHub and CI, and upgrade to version 2026.4.1.
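To check whether a project or CI job pins the affected version, the sketch below scans a parsed `package-lock.json` for 2026.4.0. It is an added example, not code from Bitwarden or the original report. The package name `@bitwarden/cli` and the sample lockfiles are assumptions constructed for illustration. A lockfile records the version, not when it was installed, so a match still has to be compared against the April 22nd window.

```javascript
// Added example: flag the affected Bitwarden CLI version in npm lockfiles.
// Assumption: the npm package name is "@bitwarden/cli" (not stated on the page).
const PACKAGE = "@bitwarden/cli";
const AFFECTED = "2026.4.0"; // version named in the advisory
const FIXED = "2026.4.1";    // upgrade target named in the advisory

// Return every place a parsed package-lock.json pins PACKAGE, with a verdict.
function findBitwardenCli(lock) {
  const hits = [];
  const record = (where, version) =>
    hits.push({ where, version, affected: version === AFFECTED });

  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${PACKAGE}` || path.endsWith(`/node_modules/${PACKAGE}`)) {
      record(path, meta.version);
    }
  }
  // lockfileVersion 1 (and the v2 compatibility copy): nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const where = `${trail}>${name}`;
      if (name === PACKAGE) record(where, meta.version);
      walk(meta.dependencies, where);
    }
  };
  walk(lock.dependencies, "dependencies");
  return hits;
}

// Constructed sample lockfiles (not real project data).
const sampleV3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "ci-tools", version: "1.0.0" },
    "node_modules/@bitwarden/cli": { version: "2026.4.0" },
    "node_modules/left-pad": { version: "1.3.0" },
  },
};
const sampleV1 = {
  lockfileVersion: 1,
  dependencies: {
    "deploy-helper": {
      version: "0.2.0",
      dependencies: { "@bitwarden/cli": { version: "2026.4.1" } },
    },
  },
};

for (const [label, lock] of [["sampleV3", sampleV3], ["sampleV1", sampleV1]]) {
  for (const hit of findBitwardenCli(lock)) {
    console.log(label, hit.where, hit.version, hit.affected ? `AFFECTED, move to ${FIXED}` : "ok");
  }
}
```

A global install leaves no lockfile; `npm ls -g @bitwarden/cli` shows the version installed that way.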
