Bitwarden: Bitwarden CLI npm package compromised to steal developer credentials

Bitwarden CLI Compromised in Supply Chain Attack Targeting npm

On April 22, 2026, attackers briefly compromised the Bitwarden CLI by uploading a malicious version of the @bitwarden/cli npm package (version 2026.4.0). The package, available between 5:57 PM and 7:30 PM ET, contained a credential-stealing payload designed to spread to other projects.

Bitwarden confirmed the incident, stating the breach was limited to its npm distribution channel and did not affect end-user vault data, production systems, or the legitimate CLI codebase. The company revoked compromised access, deprecated the malicious release, and initiated remediation.

Attack Details

Security firms Socket, JFrog, and OX Security reported that threat actors likely exploited a compromised GitHub Action in Bitwarden’s CI/CD pipeline to inject malicious code. The package included a preinstall script and a custom loader (bw_setup.js) that checked for the Bun runtime, downloading it if absent, before executing an obfuscated JavaScript file (bw1.js).

The malware targeted:

  • npm and GitHub authentication tokens
  • SSH keys
  • Cloud credentials (AWS, Azure, Google Cloud)

Stolen data was encrypted with AES-256-GCM and exfiltrated via public GitHub repositories under victims’ accounts, marked with the string "Shai-Hulud: The Third Coming", a reference to prior npm supply chain attacks. The malware also had self-propagating capabilities, using stolen credentials to inject malicious code into other packages.
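As an added defensive check (example code, not Bitwarden's own or any vendor's tooling), the following Python walks a node_modules tree and flags the compromised release and the loader file names reported above; the sample manifest inside it is constructed.

```python
# Added defensive check (not Bitwarden's or any vendor's code): walk a
# node_modules tree and flag the release named in this incident, plus any
# package whose install-time script references the reported loader files.
import json
import os

BAD_PACKAGES = {("@bitwarden/cli", "2026.4.0")}      # from the incident report
LOADER_MARKERS = ("bw_setup.js", "bw1.js")           # loader / payload names
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall")


def inspect_manifest(manifest: dict) -> list:
    """Return findings for one parsed package.json (empty list if clean)."""
    findings = []
    name, version = manifest.get("name", ""), manifest.get("version", "")
    if (name, version) in BAD_PACKAGES:
        findings.append(f"known-compromised release {name}@{version}")
    scripts = manifest.get("scripts") or {}
    for hook in LIFECYCLE_HOOKS:
        cmd = str(scripts.get(hook, ""))
        if any(marker in cmd for marker in LOADER_MARKERS):
            findings.append(f"{hook} script references loader: {cmd!r}")
    return findings


def scan_node_modules(root: str) -> dict:
    """Map each package.json path under root to its findings (hits only)."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        if "package.json" not in files:
            continue
        path = os.path.join(dirpath, "package.json")
        try:
            with open(path, encoding="utf-8") as fh:
                manifest = json.load(fh)
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip rather than abort
        findings = inspect_manifest(manifest)
        if findings:
            results[path] = findings
    return results


if __name__ == "__main__":
    # Constructed sample manifest showing what a hit looks like; not real data.
    sample = {"name": "@bitwarden/cli", "version": "2026.4.0",
              "scripts": {"preinstall": "node bw_setup.js"}}
    print(inspect_manifest(sample))
```

Run `scan_node_modules("./node_modules")` in each project checkout; a hit on either rule is a signal to rotate the npm, GitHub, SSH and cloud credentials present on that machine.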

Connections to Other Attacks

The attack overlaps in infrastructure and malware with a recent Checkmarx supply chain breach, including:

  • The same telemetry endpoint (audit.checkmarx[.]cx/v1/telemetry)
  • Identical obfuscation routines (__decodeScrambled with seed 0x3039)
  • Similar credential theft and GitHub-based exfiltration tactics

Both campaigns have been attributed to TeamPCP, a threat actor previously linked to attacks on Trivy and LiteLLM.

Bitwarden’s investigation found no evidence of broader compromise, but developers who installed the affected version were advised to rotate exposed credentials, particularly those tied to CI/CD pipelines and cloud environments.

Source: https://www.bleepingcomputer.com/news/security/bitwarden-cli-npm-package-compromised-to-steal-developer-credentials/

Bitwarden TPRM report: https://www.rankiteo.com/company/bitwarden1
