Bitwarden CLI 2026.4.0 Supply Chain Attack
Musa Badru
2026-04-23
Bitwarden CLI version 2026.4.0 suffered a supply chain compromise on April 22, 2026: a hijacked GitHub Action in the release pipeline let attackers read the pipeline's secrets and push a tampered build to npm. thehackernews The incident is linked to the TeamPCP campaign that earlier hit Checkmarx tooling, and it shows that the CI/CD pipelines of security tools are themselves high-value targets. safepasswordgenerator
Attack Vector
Attackers exploited an outdated or vulnerable GitHub Action in Bitwarden's pipeline to read deploy keys, npm publish tokens, and other secrets. thehackernews With those credentials they published a package containing bw1.js, a backdoor script registered as an install hook, so it ran automatically on every machine that installed the release. thehackernews The malware searched for high-value material: GITHUB_TOKEN, SSH private keys (id_rsa), .env files, shell histories (.bash_history), AWS credentials, and Docker configs, then exfiltrated what it found to domains such as shai-hulud[.]team and to hidden GitHub repositories. safepasswordgenerator
The tampered package was live on npm from approximately 5:57 PM to 7:30 PM ET on April 22, affecting anyone who ran npm install @bitwarden/cli@2026.4.0 (or npm install -g @bitwarden/cli, the usual way the CLI is installed) during that window. Installs from a lockfile that pinned an older version were not affected; installs that resolved a semver range such as ^2026.3.0 during the window were, because npm picked the newest matching release.
Technical Breakdown
The backdoor used obfuscated JavaScript to evade detection, relying on dynamic function creation and base64-encoded payloads. thehackernews Key exfiltration paths included:
- GitHub/npm tokens: direct HTTP POST to attacker endpoints.
- File enumeration: recursive search in ~/.ssh/, ~/.aws/, and ~/.docker/.
- Persistence: modified package.json post-install hooks so the payload re-executed on later installs.
Bitwarden's vault is end-to-end encrypted (AES-256-CBC with a key derived from the master password via PBKDF2-SHA256 or Argon2id), so stored passwords were not exposed by the compromise itself. The real exposure is the master password or an unlocked session key wherever a script put them where the backdoor was looking: bw login and bw unlock accept the password as a positional argument, which lands in shell history, and a BW_SESSION value kept in a .env file is exactly the kind of file the malware collected. safepasswordgenerator
| Target | Exfil Method | Risk Level |
|---|---|---|
| GITHUB_TOKEN | POST to C2 domain | Critical thehackernews |
| SSH Keys | Base64 + Upload | High thehackernews |
| .env Files | Grep & POST | High thehackernews |
| Shell History | Tail & Send | Medium safepasswordgenerator |
| Cloud Creds | JSON Parse + Exfil | Critical |
Broader Campaign Context
This attack extends TeamPCP's operations, running since February 2026 against DevSecOps tooling such as Checkmarx KICS, Trivy scanners, and LiteLLM. thehackernews Similar tactics appeared in earlier GitHub Actions worms such as CanisterWorm (29 packages) and previous npm compromises. socket Bitwarden swiftly unpublished the package and audited its pipelines, but a window of roughly ninety minutes is enough to reach CI workflows worldwide: any unpinned job that ran npm install in that interval pulled the tampered release. community.bitwarden
Detection and Response
Run these commands to check exposure:
```bash
npm ls -g @bitwarden/cli 2>/dev/null | grep "2026.4.0"   # global install, the usual way bw is installed
npm ls @bitwarden/cli 2>/dev/null | grep "2026.4.0"      # project-local install
find ~ -name "bw1.js" -type f 2>/dev/null                # the dropped backdoor file
grep -rn -A3 '@bitwarden/cli' --include=package.json --include=package-lock.json --include=yarn.lock . | grep '2026\.4\.0'   # in repos: manifests and lockfiles
```
Immediate Actions:
- Rotate all secrets: GitHub Personal Access Tokens, npm auth tokens, SSH keypairs, and cloud IAM credentials. Treat anything readable from a machine that ran the install as exposed, since those are exactly the files the malware read. thehackernews
- Audit workflows: pin every third-party Action to a full 40-character commit SHA rather than a tag or branch (for example `uses: actions/checkout@<full commit SHA> # v4`), because a tag can be moved to a different commit after the fact; pin dependencies in lockfiles as well. thehackernews
- Scan systems: use tools like osquery or trufflehog to look for leaked credentials in shell histories and repositories.
- Update Bitwarden CLI: `npm install -g @bitwarden/cli@latest` (now 2026.4.1+); drop `-g` for a project-local install.
- Monitor: watch the Bitwarden status page and Socket.dev for updates. x
For vaults, enable two-factor authentication on master accounts and never pass the master password on the command line in scripts: bw login and bw unlock accept it as a positional argument, which ends up in shell history, one of the files the backdoor collected. Prefer --passwordenv or --passwordfile, and treat any BW_SESSION value that lived in a .env file or a shell history on an affected machine as compromised. safepasswordgenerator