Bitwarden Statement on Checkmarx Supply Chain Incident

The Bitwarden security team identified and contained a malicious package that was briefly distributed through the npm delivery path for @bitwarden/cli@2026.4.0 between 5:57 PM and 7:30 PM (ET) on April 22, 2026, in connection with a broader Checkmarx supply chain incident.

The investigation found no evidence that end user vault data was accessed or at risk, or that production data or production systems were compromised. Once the issue was detected, compromised access was revoked, the malicious npm release was deprecated, and remediation steps were initiated immediately.

The issue affected the npm distribution mechanism for the CLI during that limited window, not the integrity of the legitimate Bitwarden CLI codebase or stored vault data.

Users who did not download the package from npm during that window were not affected. Bitwarden has completed a review of internal environments, release paths, and related systems, and no additional impacted products or environments have been identified at this time. A CVE for Bitwarden CLI version 2026.4.0 is being issued in connection with this incident.

4 Likes

Thanks for the update!

What steps are being taken to prevent similar issues in the future? This comment on GitHub outlines some steps for hardening distribution via npm:

To prevent a user with write access from being able to directly trigger a publish with npm OIDC, a few steps have to be taken:

  1. Use a publish environment and in that environment set up a branch rule to limit it to one or multiple specific release branches. List every branch separately and only keep active release branches. Do not use a pattern that would allow creating a new matching branch.
  2. That environment must be configured on the npm package.
  3. The release branches must be protected against unreviewed pushes (require a pull request with at least 1 review).
  4. Add a mandatory approval step to the publish environment (this can theoretically be skipped if you trust the combination of review and environment lock above, but given the scope of Bitwarden I'd recommend having it).


And this comment on Xitter suggests that there is a broader vulnerability of CI/CD pipelines:

CI/CD pipelines as the attack vector for supply chain compromise is becoming the pattern. Malicious workflows can bypass every code review process. The publish step is the weakest link.

Are there any plans to audit and harden publishing pipelines for the other clients?

2 Likes
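The four hardening steps quoted above, as an added illustration that is not Bitwarden's own release workflow: a GitHub Actions job that can only publish to npm through a protected deployment environment and OIDC trusted publishing. The environment name `npm-publish`, the `release/*` branch names and the build commands are assumptions for the example; the deployment-branch list, required reviewers and branch protection themselves are configured in the repository settings, not in this file.

```yaml
# Added example (assumed names, not Bitwarden's configuration): release
# workflow wired to npm trusted publishing through a protected environment.
name: publish-cli

on:
  push:
    branches:
      - 'release/2026.4'   # each active release branch listed by name;
      - 'release/2026.5'   # no wildcard, so a new branch cannot qualify

# The default token is read-only. id-token: write lets npm verify the OIDC
# claims (repository, workflow file, environment) instead of trusting a
# long-lived publish token that any write-access account could leak or reuse.
permissions:
  contents: read
  id-token: write

jobs:
  publish:
    runs-on: ubuntu-latest
    # Protection rules on this environment (repo settings, not YAML):
    #  - deployment branches: the same explicit release-branch list (step 1)
    #  - required reviewers: the mandatory approval gate (step 4)
    # Branch protection requiring a reviewed pull request covers step 3.
    # A job targeting this environment from any other ref is refused before
    # it runs, and the OIDC token carries the environment name, so npm
    # (step 2) rejects a publish that did not pass through it.
    environment:
      name: npm-publish
      url: https://www.npmjs.com/package/@bitwarden/cli
    steps:
      - uses: actions/checkout@v4        # pin to a full commit SHA in production
      - uses: actions/setup-node@v4
        with:
          node-version: 22
          registry-url: https://registry.npmjs.org
      # Trusted publishing needs a recent npm CLI (assumption: newer than the
      # one bundled with the Node release above).
      - run: npm install -g npm@latest
      - run: npm ci
      - run: npm run build
      # No NODE_AUTH_TOKEN anywhere: npm exchanges the OIDC token for a
      # short-lived credential, and --provenance records the build origin
      # so consumers can check which workflow produced the tarball.
      - run: npm publish --provenance --access public
```

The trusted publisher registered on the npm package must name this exact repository, workflow file and environment, otherwise the publish step fails even with a valid OIDC token.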

To put this in context, it seems that only 334 Bitwarden users downloaded the malicious version of the CLI:

1 Like