Bitwarden CLI Compromised in Supply Chain Attack via Checkmarx, Targets Developer Secrets


In a recent cybersecurity incident, the Bitwarden Command Line Interface (CLI) was compromised as part of an ongoing supply chain attack linked to Checkmarx. Security firms JFrog and Socket have identified that version 2026.4.0 of the Bitwarden CLI contained malicious code embedded within the ‘bw1.js’ file. This breach is believed to have exploited a compromised GitHub Action within Bitwarden’s Continuous Integration/Continuous Deployment (CI/CD) pipeline, mirroring tactics observed in other repositories affected by this campaign.

The malicious code, executed via a preinstall hook, was designed to steal sensitive information, including GitHub and npm tokens, SSH keys, environment variables, shell history, GitHub Actions secrets, and cloud credentials. The exfiltrated data was transmitted to a domain impersonating Checkmarx, audit.checkmarx[.]cx, and, as a fallback, to a GitHub repository.

The attack sequence involved launching a credential stealer targeting developer secrets and configurations for AI coding tools such as Claude, Kiro, Cursor, Codex CLI, and Aider. The stolen data was encrypted using AES-256-GCM before exfiltration. If GitHub tokens were discovered, the malware utilized them to inject malicious workflows into repositories and extract CI/CD secrets.

Security experts have warned that a single developer installing the compromised Bitwarden CLI could serve as an entry point for a broader supply chain attack, granting attackers persistent access to multiple CI/CD pipelines accessible via the developer’s token.

The malicious version has since been removed from npm. The compromise follows the same GitHub Actions supply chain vector identified in the Checkmarx campaign: threat actors have been found abusing stolen GitHub tokens to inject new GitHub Actions workflows that capture secrets available to the workflow run, and using harvested npm credentials to push malicious versions of packages to downstream users.

Security researcher Adnan Khan noted that this incident marks the first known compromise of a package using npm’s trusted publishing mechanism.

The threat actor known as TeamPCP is suspected to be behind this latest attack targeting Checkmarx. As of now, TeamPCP’s account on X has been suspended for violating platform rules.

OX Security’s analysis revealed a reference to Shai-Hulud: The Third Coming within the malicious package, suggesting this could be the next phase of the supply chain attack campaign that emerged last year. The exfiltration of user data to public repositories on GitHub poses a significant risk, as such data can be accessed by anyone searching GitHub, thereby exposing sensitive information to a broader audience.

Bitwarden has confirmed the incident, attributing it to the compromise of its npm distribution mechanism following the Checkmarx supply chain attack. The company emphasized that no end-user vault data was accessed or at risk, and that production data and systems remained uncompromised. Upon detection, Bitwarden revoked compromised access, deprecated the malicious npm release, and initiated remediation steps. The issue was confined to the npm distribution mechanism for the CLI during a limited window and did not affect the integrity of the legitimate Bitwarden CLI codebase or stored vault data. Users who did not download the package from npm during that window were not affected. Bitwarden has completed a review of internal environments, release paths, and related systems, confirming no additional impacted products or environments. A Common Vulnerabilities and Exposures (CVE) identifier for Bitwarden CLI version 2026.4.0 is being issued in connection with this incident.

This incident underscores the critical importance of securing CI/CD pipelines and the potential risks associated with supply chain attacks. Developers and organizations are urged to remain vigilant, regularly audit their dependencies, and implement robust security measures to protect against such threats.
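As an added defender-side check (not code from the report, from Bitwarden, or from the researchers cited), the following Python walks an installed node_modules tree and flags the release named above, plus any package that declares an install-time lifecycle script, the mechanism the payload used. The npm package name @bitwarden/cli is assumed, and the sample tree the script builds is constructed for the demo.

```python
import json
import os
import tempfile

# Release the report names as carrying the malicious bw1.js (package name assumed).
BAD_VERSIONS = {"@bitwarden/cli": {"2026.4.0"}}
# Lifecycle scripts npm runs automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")

def audit_package_json(path):
    """Findings for one package.json: known-bad version, install-time hooks."""
    with open(path, encoding="utf-8") as fh:
        meta = json.load(fh)
    name, version = meta.get("name", "?"), meta.get("version", "?")
    findings = []
    if version in BAD_VERSIONS.get(name, ()):
        findings.append(f"KNOWN-BAD {name}@{version}")
    scripts = meta.get("scripts") or {}
    for hook in INSTALL_HOOKS:
        if hook in scripts:
            findings.append(f"LIFECYCLE {name}@{version} {hook}: {scripts[hook]}")
    return findings

def audit_node_modules(root):
    """Walk a node_modules tree (nested node_modules included) and collect findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if "package.json" in files:
            findings.extend(audit_package_json(os.path.join(dirpath, "package.json")))
    return findings

def build_sample_tree():
    """Constructed sample tree (not real package contents) so the demo runs offline."""
    root = os.path.join(tempfile.mkdtemp(), "node_modules")
    samples = {
        "@bitwarden/cli": {"name": "@bitwarden/cli", "version": "2026.4.0",
                           "scripts": {"preinstall": "node bw1.js"}},
        "clean-pkg": {"name": "clean-pkg", "version": "1.0.0", "scripts": {"test": "jest"}},
    }
    for folder, meta in samples.items():
        os.makedirs(os.path.join(root, folder))
        with open(os.path.join(root, folder, "package.json"), "w", encoding="utf-8") as fh:
            json.dump(meta, fh)
    return root

if __name__ == "__main__":
    for line in audit_node_modules(build_sample_tree()):
        print(line)
```

Point audit_node_modules at a real project's node_modules to review it; a lifecycle hook is not proof of compromise, but each one is worth reading before the package is trusted in a CI runner.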