The Bitwarden CLI — the command-line interface for the widely used open-source password manager — has been reported as compromised as part of a newly discovered and ongoing Checkmarx supply chain campaign, according to findings from security researchers at JFrog and Socket. The affected package is @bitwarden/cli@2026.4.0, published to npm, which reportedly contains malicious code not present in the legitimate Bitwarden release.
The disclosure marks a significant escalation in the Checkmarx supply chain campaign, which had previously targeted developer tools, CI/CD utilities, and infrastructure automation packages. The compromise of a password manager CLI represents a high-value target: credentials stored or accessed through Bitwarden could expose entire organizations' secret vaults.
The Affected Package
| Detail | Value |
|---|---|
| Package Name | @bitwarden/cli |
| Compromised Version | 2026.4.0 |
| Registry | npm |
| Discovered By | JFrog, Socket |
| Campaign Attribution | Checkmarx supply chain campaign |
| Published Date | April 2026 |
The @bitwarden/cli package provides command-line access to Bitwarden vaults, enabling users and automation scripts to retrieve, store, and manage passwords, API keys, and other secrets. It is widely used in DevOps pipelines, CI/CD systems, and developer workflows to inject secrets into build processes without hardcoding credentials.
The Checkmarx Supply Chain Campaign
Checkmarx's supply chain security research team identified a persistent campaign targeting npm packages through a combination of techniques including:
- Typosquatting — publishing packages with names close to legitimate popular packages
- Dependency confusion — uploading packages with the same name as internal private packages
- Account compromise — hijacking legitimate maintainer accounts to publish malicious versions of real packages
In the Bitwarden CLI case, the attack vector appears to involve the last technique: the legitimate @bitwarden/cli package name was used, with a malicious version published that masquerades as a legitimate release. JFrog and Socket researchers identified the 2026.4.0 version as containing code inconsistent with the legitimate Bitwarden codebase.
What the Malicious Version Does
While full technical details of the malicious payload were still under analysis at the time of reporting, researchers from JFrog and Socket noted that the compromised version contains code designed to exfiltrate sensitive information from environments where the CLI is executed.
Given the CLI's purpose — accessing password vaults — the likely objectives of the malicious payload include:
- Vault credential exfiltration — capturing the master password or session tokens used to unlock the vault
- Secret harvesting — intercepting passwords, API keys, and secure notes accessed through the CLI during normal operation
- Environment variable capture — collecting `BITWARDEN_*` environment variables used for headless authentication in CI/CD pipelines
- CI/CD pipeline infiltration — any secrets unlocked by the CLI in automated workflows could be forwarded to attacker-controlled infrastructure
Who Is At Risk
The compromise is particularly dangerous for:
CI/CD pipelines: Many DevOps teams use @bitwarden/cli in GitHub Actions, GitLab CI, Jenkins, and other automation systems to retrieve deployment secrets. Any pipeline that installed the 2026.4.0 version during its window of availability may have exposed every secret those workflows accessed.
Developer workstations: Developers who upgraded the CLI globally may have the compromised version executing with access to their personal or corporate Bitwarden vault.
Infrastructure-as-code tools: Terraform modules, Ansible playbooks, and similar tools that shell out to the Bitwarden CLI for secret injection are at risk.
Docker images: Any container image built during the compromise window that includes @bitwarden/cli@2026.4.0 carries the malicious code and will execute it in every deployment.
Identifying Exposure
Check whether the compromised version is installed:
```bash
# Check globally installed npm packages
npm list -g @bitwarden/cli
# Check project-level installations
npm list @bitwarden/cli
# Check lockfiles for references to the package
grep -r '"@bitwarden/cli"' package-lock.json yarn.lock
```
Check Docker images and CI/CD configurations:
```bash
# Scan all Dockerfiles and CI configs for the package
grep -r "bitwarden/cli" Dockerfile* .github/workflows/ .gitlab-ci.yml
# Check for the version in lockfiles across a monorepo
find . -name "package-lock.json" -exec grep -l "2026.4.0" {} \;
```
Review npm audit logs for download history:
```bash
# Check if the compromised version was ever installed (npm cache)
npm cache ls | grep bitwarden
# Review CI/CD artifact logs for the installation date window
```
Immediate Response Steps
1. Remove and replace the compromised version immediately:
```bash
# Remove compromised version
npm uninstall -g @bitwarden/cli
# Install the latest verified legitimate version
npm install -g @bitwarden/cli@latest
# Verify the installed version
bw --version
```
2. Rotate all secrets accessed through the CLI during the exposure window. This includes:
- All passwords retrieved or unlocked via `bw get password`
- All API keys accessed as secure notes
- CI/CD pipeline tokens and deployment credentials
- Database passwords injected through Bitwarden in automation
3. Revoke and rotate Bitwarden API keys and session tokens:
```bash
# Log out of all active sessions
bw logout
# Rotate your Bitwarden API key in the web vault:
# Settings > Security > API Key > Rotate API Key
```
4. Audit CI/CD pipeline logs for anomalous outbound network connections during build/deploy runs where the compromised CLI was present.
5. Rebuild Docker images from scratch using a verified, clean base rather than attempting to patch existing images.
6. Notify your security team and initiate an incident response investigation if any production secrets were exposed.
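The grep commands under Identifying Exposure match any occurrence of the package name or version string, which produces false positives in a monorepo and misses unpinned references that would have pulled whatever was current during the exposure window. The scanner below is an added example (not code from Bitwarden, JFrog, Socket, or the campaign report): it parses package-lock.json (lockfile versions 1 to 3), yarn.lock (classic and berry), Dockerfiles and CI YAML, and reports only resolutions to the reported version plus unpinned references. The sample inputs at the bottom are constructed, and the file-name conventions that scan_tree dispatches on are assumptions.

```python
"""Scan a checkout for the reported @bitwarden/cli@2026.4.0 release.
Added example, not Bitwarden/JFrog/Socket code; sample data is constructed."""
import json
import os
import re
import sys

# Package and version named in the report; extend the set if more are published.
BAD_PACKAGE = "@bitwarden/cli"
BAD_VERSIONS = {"2026.4.0"}
REF_RE = re.compile(re.escape(BAD_PACKAGE) + r"(?:@([^\s\"']+))?")


def find_in_package_lock(lock: dict) -> list:
    """Return lockfile locations where BAD_PACKAGE resolves to a bad version.
    lockfileVersion 2/3 keys "packages" by install path; v1 nests "dependencies"."""
    hits = []
    if "packages" in lock:
        for path, meta in lock["packages"].items():
            # Aliased installs carry an explicit "name"; otherwise derive it from the path.
            name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
            if name == BAD_PACKAGE and meta.get("version") in BAD_VERSIONS:
                hits.append(path)
        return hits

    def walk(deps: dict, trail: str) -> None:
        for name, meta in deps.items():
            here = f"{trail}{name}"
            if name == BAD_PACKAGE and meta.get("version") in BAD_VERSIONS:
                hits.append(here)
            walk(meta.get("dependencies", {}), here + " > ")

    walk(lock.get("dependencies", {}), "")
    return hits


def find_in_yarn_lock(text: str) -> list:
    """Parse yarn.lock entries (classic v1 or berry) and report bad resolutions."""
    hits, names = [], []
    for line in text.splitlines():
        stripped = line.rstrip()
        if stripped and not stripped[0].isspace() and stripped.endswith(":"):
            # Header: comma-separated "name@range" specifiers, possibly quoted.
            specs = [s.strip().strip('"') for s in stripped[:-1].split(",")]
            names = [s.rsplit("@", 1)[0] for s in specs if "@" in s[1:]]
        elif names:
            m = re.match(r'\s+version:?\s+"?([^"\s]+)"?', line)
            if m:
                if BAD_PACKAGE in names and m.group(1) in BAD_VERSIONS:
                    hits.append(f"{BAD_PACKAGE}@{m.group(1)}")
                names = []  # version seen; wait for the next header
    return hits


def find_in_text(text: str) -> list:
    """Report (line number, version spec) for references in Dockerfiles and CI
    configs. Exact bad versions are reported, and so are unpinned references
    (no version, a tag such as 'latest', or a range), which would have pulled
    whatever was current during the exposure window."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        for m in REF_RE.finditer(line):
            spec = m.group(1)
            unpinned = spec is None or spec == "latest" or spec[0] in "^~><*"
            if unpinned or spec in BAD_VERSIONS:
                out.append((n, spec))
    return out


def scan_tree(root: str) -> dict:
    """Walk a checkout, apply the right parser per file name, return {path: hits}."""
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in (".git", "node_modules")]
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    if fn == "package-lock.json":
                        hits = find_in_package_lock(json.load(fh))
                    elif fn == "yarn.lock":
                        hits = find_in_yarn_lock(fh.read())
                    elif fn.startswith("Dockerfile") or fn.endswith((".yml", ".yaml")):
                        hits = find_in_text(fh.read())
                    else:
                        continue
            except (OSError, json.JSONDecodeError):
                continue
            if hits:
                report[path] = hits
    return report


# Constructed sample inputs (not real project files) for a stand-alone run.
SAMPLE_LOCK_V3 = {"lockfileVersion": 3, "packages": {
    "": {"dependencies": {BAD_PACKAGE: "^2026.4.0"}},
    "node_modules/@bitwarden/cli": {"version": "2026.4.0"}}}
SAMPLE_YARN = ('# yarn lockfile v1\n\n"@bitwarden/cli@^2026.4.0", "@bitwarden/cli@2026.4.0":\n'
               '  version "2026.4.0"\n')
SAMPLE_DOCKERFILE = "FROM node:20\nRUN npm install -g @bitwarden/cli@2026.4.0\nRUN npm install -g @bitwarden/cli\n"

if __name__ == "__main__":
    print("package-lock:", find_in_package_lock(SAMPLE_LOCK_V3))
    print("yarn.lock:   ", find_in_yarn_lock(SAMPLE_YARN))
    print("Dockerfile:  ", find_in_text(SAMPLE_DOCKERFILE))
    if len(sys.argv) > 1:  # pass a checkout root to scan real files
        for path, hits in scan_tree(sys.argv[1]).items():
            print(path, hits)
```

Run it with a checkout root as the first argument to scan real files; without arguments it demonstrates the three parsers on the constructed samples. A `(line, None)` entry from find_in_text means an unpinned install, which is worth rebuilding even if no lockfile names 2026.4.0.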
Broader Campaign Context
The Checkmarx supply chain campaign represents one of the most persistent and sophisticated ongoing npm supply chain threats in 2026. Previous packages targeted by the same campaign include developer utilities, testing frameworks, and infrastructure tooling — but the compromise of a password manager CLI is a new level of targeting that signals a strategic shift toward high-value credential access tools.
Security researchers note that the campaign demonstrates awareness of which developer tools have the highest access to sensitive credentials, deliberately targeting components that:
- Sit at the intersection of automation and secret management
- Are trusted by CI/CD systems with elevated permissions
- Are regularly upgraded by developers following routine `npm update` workflows
This targeting strategy maximizes the value of each compromised installation by ensuring the malicious code has access to credentials rather than just code.
Verification and Trust
For teams dependent on the Bitwarden CLI in production workflows, this incident underscores several key practices:
Pin dependency versions in CI/CD. Rather than relying on `@latest` or version ranges, pin to a specific verified version and update deliberately with manual review.
Use package integrity verification. npm supports `npm ci`, which validates against `package-lock.json` checksums — use it in CI/CD instead of `npm install`.
Monitor npm packages for unexpected version updates. Tools like Dependabot, Renovate, or Socket's npm monitoring can alert when a package you depend on publishes a new version outside your expected update cadence.
Verify package checksums against official releases. Cross-reference published npm package hashes against the official Bitwarden GitHub repository releases.
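To make the integrity verification and checksum cross-referencing above concrete, the following code is an added example (not npm's or Bitwarden's code). It computes the Subresource Integrity string that npm records in the `integrity` field of package-lock.json, verifies downloaded tarball bytes against such a string using the strongest listed algorithm and a constant-time comparison, checks that the `resolved` URL points at the expected registry, and lists dependency specs in package.json that are not exact pins. EXPECTED_REGISTRY, the sample lock entry, the tarball bytes and the package names are constructed placeholders.

```python
"""SRI integrity verification for npm lockfile entries plus a pin check.
Added example, not npm's or Bitwarden's code; sample values are constructed."""
import base64
import binascii
import hashlib
import hmac
import re

# Algorithms npm has written into lockfiles, weakest to strongest.
SRI_STRENGTH = {"sha1": 0, "sha256": 1, "sha384": 2, "sha512": 3}
# Assumed registry origin; a private mirror would use its own URL here.
EXPECTED_REGISTRY = "https://registry.npmjs.org/"
# Exact semver pin: major.minor.patch with optional prerelease/build suffix.
PIN_RE = re.compile(r"^\d+\.\d+\.\d+(?:[-+][\w.-]+)?$")


def compute_sri(data: bytes, algo: str = "sha512") -> str:
    """Produce the 'algo-base64digest' form npm stores under 'integrity'."""
    digest = hashlib.new(algo, data).digest()
    return f"{algo}-{base64.b64encode(digest).decode()}"


def verify_sri(data: bytes, integrity: str) -> bool:
    """Check data against an SRI string. The string may carry several
    space-separated hashes; as in the SRI spec, the strongest known algorithm
    decides. Unknown algorithms and malformed base64 never pass."""
    best = None
    for entry in integrity.split():
        algo, _, b64 = entry.partition("-")
        if algo in SRI_STRENGTH and (best is None or SRI_STRENGTH[algo] > SRI_STRENGTH[best[0]]):
            best = (algo, b64)
    if best is None:
        return False
    try:
        expected = base64.b64decode(best[1], validate=True)
    except (binascii.Error, ValueError):
        return False
    actual = hashlib.new(best[0], data).digest()
    # compare_digest also returns False on length mismatch, without leaking timing.
    return hmac.compare_digest(actual, expected)


def check_lock_entry(entry: dict, tarball: bytes) -> list:
    """Return problems for one 'packages' entry of a v2/v3 lockfile: a resolved
    URL off the expected registry, a missing integrity field (npm ci then has
    nothing to verify), or an integrity mismatch against the tarball bytes."""
    problems = []
    resolved = entry.get("resolved", "")
    if not resolved.startswith(EXPECTED_REGISTRY):
        problems.append(f"resolved from unexpected source: {resolved or '(none)'}")
    integrity = entry.get("integrity")
    if not integrity:
        problems.append("no integrity field; npm ci cannot verify this package")
    elif not verify_sri(tarball, integrity):
        problems.append("integrity mismatch: tarball differs from the locked release")
    return problems


def unpinned_dependencies(package_json: dict) -> list:
    """List (name, spec) pairs whose spec is a range or tag rather than an exact pin."""
    out = []
    for field in ("dependencies", "devDependencies", "optionalDependencies"):
        for name, spec in package_json.get(field, {}).items():
            if not PIN_RE.match(spec):
                out.append((name, spec))
    return out


# Constructed samples: the bytes stand in for a downloaded .tgz, not a real package.
SAMPLE_TARBALL = b"constructed tarball bytes, not a real npm package"
SAMPLE_ENTRY = {
    "version": "1.0.0",
    "resolved": EXPECTED_REGISTRY + "example-pkg/-/example-pkg-1.0.0.tgz",
    "integrity": compute_sri(SAMPLE_TARBALL),
}
SAMPLE_PACKAGE_JSON = {"dependencies": {"@bitwarden/cli": "^2026.4.0", "example-lib": "1.3.0"}}

if __name__ == "__main__":
    print("clean entry:   ", check_lock_entry(SAMPLE_ENTRY, SAMPLE_TARBALL))
    print("tampered bytes:", check_lock_entry(SAMPLE_ENTRY, SAMPLE_TARBALL + b"\x00"))
    print("unpinned specs:", unpinned_dependencies(SAMPLE_PACKAGE_JSON))
```

To cross-reference a release as the text recommends, run compute_sri over the tarball bytes taken from the official release artefact and compare the result with the lockfile's `integrity` value and with what `npm view <package>@<version> dist.integrity` reports from the registry; a release that passes all three is the one the lockfile will pin.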
Bitwarden has been notified and is expected to publish an official incident response statement confirming the scope of the compromise and guidance for affected users.