
Bitwarden CLI Supply Chain Attack: Malicious Version 2026.4.0 Exfiltrates Credentials


Summary

Italy's national CSIRT (CSIRT-ITA, operated by ACN) has issued a high-criticality advisory on a supply chain attack against Bitwarden CLI. On April 22, 2026, a malicious version of @bitwarden/cli (2026.4.0) was published to the npm registry; it was subsequently deprecated and removed. The compromised package was built to activate automatically during installation or execution of the CLI and to exfiltrate credentials and secrets, including GitHub tokens, npm tokens, SSH keys and cloud credentials, from affected systems. The exposure is most severe in development and CI/CD environments, where Bitwarden CLI is commonly installed non-interactively. Anyone who installed version 2026.4.0 should treat the affected environment as compromised and apply the mitigation measures below.

Why this matters

Organizations that run Bitwarden CLI in automated pipelines should audit npm installation logs, lockfiles and CI runner images for the April 22, 2026 exposure window and treat any matching installation as compromised until remediated. The broader TeamPCP pattern of compromising widely used development tools (Trivy, Checkmarx, LiteLLM and now Bitwarden CLI) means that organizations with extensive CI/CD dependencies should inventory all npm-installed tooling and verify package integrity independently (pinned versions and lockfile integrity hashes) rather than relying solely on npm publication dates.

AI-drafted from the source document, validated against GovPing's analyst note standards. For the primary regulatory language, read the source document.
Published by ACN on acn.gov.it. Detected, standardized, and enriched by GovPing. Review our methodology and editorial standards.

About this source

GovPing monitors Italy CSIRT Advisories for new data privacy & cybersecurity regulatory changes. Every update since tracking began is archived, classified, and available as free RSS or email alerts — 8 changes logged to date.

What changed

The ACN CSIRT-ITA bulletin documents a confirmed supply chain compromise of the Bitwarden CLI npm package. A malicious version (2026.4.0) was published to the npm registry on April 22, 2026, containing embedded code designed to harvest credentials and secrets from affected systems. The package was subsequently deprecated and removed from distribution.

The bulletin classifies the attack under three types (Remote Code Execution, Information Disclosure, Tampering) and provides detailed remediation guidance: uninstallation, npm cache cleanup, temporary disabling of npm lifecycle scripts, credential rotation, and verification of CI/CD and GitHub configurations. The incident is placed in the context of a broader campaign, attributed to the threat actor TeamPCP, that previously targeted the Trivy, Checkmarx and LiteLLM projects.

Affected parties include developers, DevOps engineers, and organizations that installed Bitwarden CLI v2026.4.0 via npm during the exposure window. They must review their environments, assume compromise, rotate all exposed secrets, and reinstall the clean release (2026.4.1). Security teams should also review the related bulletins covering the broader TeamPCP supply chain campaign.

What to do next

  1. Uninstall the compromised version: npm uninstall -g @bitwarden/cli (for project-local installs, also remove it from the project's node_modules and lockfile)
  2. Clean the npm cache so the malicious tarball cannot be reinstalled from cache: npm cache clean --force
  3. Rotate all potentially exposed credentials, including GitHub tokens, npm tokens, SSH keys, cloud credentials, and any other development or automation secrets present on the affected host
  4. Verify GitHub repositories, CI/CD workflows, and associated credentials for unauthorized access or anomalous modifications
  5. Only after completing the steps above, install the clean release: npm install -g @bitwarden/cli@2026.4.1
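Before running the steps above it helps to know where the withdrawn version is actually pinned or installed, across lockfiles in repositories and the global install on each CI runner. The following POSIX shell script is an added example, not code from the CSIRT-ITA bulletin or from Bitwarden: it reads plain text only (package-lock.json files and saved `npm ls -g --depth=0 --json` output), so it can run offline on artifacts collected from runners and laptops. The lockfile and `npm ls` output it processes are constructed sample data; the only assumption beyond the advisory is the JSON layout npm uses for lockfile v2/v3 entries and for `npm ls --json`.

```shell
#!/bin/sh
# Added example (not from the CSIRT-ITA bulletin or Bitwarden): locate installs
# of the withdrawn @bitwarden/cli 2026.4.0 before applying the remediation steps.
set -u

COMPROMISED_PKG='@bitwarden/cli'
COMPROMISED_VER='2026.4.0'
FIXED_VER='2026.4.1'

# Print the "version" value that follows the first occurrence of a quoted JSON
# key in file $2. Covers both npm's lockfile v2/v3 layout
# ("node_modules/<pkg>": { "version": ... }) and `npm ls --json` output
# ("<pkg>": { "version": ... }). Prints nothing if the key is absent.
version_after_key() {
  awk -v key="$1" '
    index($0, key)       { inpkg = 1 }
    inpkg && /"version"/ {
      if (match($0, /"version"[ \t]*:[ \t]*"[^"]*"/)) {
        v = substr($0, RSTART, RLENGTH)
        sub(/^"version"[ \t]*:[ \t]*"/, "", v)
        sub(/"$/, "", v)
        print v
      }
      exit
    }
  ' "$2"
}

bitwarden_version_in_lockfile() { version_after_key "\"node_modules/$COMPROMISED_PKG\"" "$1"; }
bitwarden_version_in_npm_ls()   { version_after_key "\"$COMPROMISED_PKG\"" "$1"; }

# Classify a resolved version string. "compromised" means: assume the host and
# every secret reachable from it are exposed; rotate first, reinstall last.
verdict() {
  case "$1" in
    "")                 echo absent ;;
    "$COMPROMISED_VER") echo compromised ;;
    "$FIXED_VER")       echo fixed ;;
    *)                  echo other ;;
  esac
}

# Audit one lockfile: print path and verdict, return 1 if it pins 2026.4.0.
audit_lockfile() {
  v=$(verdict "$(bitwarden_version_in_lockfile "$1")")
  printf '%s: %s -> %s\n' "$1" "$COMPROMISED_PKG" "$v"
  [ "$v" != compromised ]
}

# --- constructed sample inputs (not real captures) ----------------------------
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

cat > "$workdir/package-lock.json" <<'EOF'
{
  "name": "ci-tools",
  "lockfileVersion": 3,
  "packages": {
    "": { "dependencies": { "@bitwarden/cli": "2026.4.0" } },
    "node_modules/@bitwarden/cli": {
      "version": "2026.4.0"
    }
  }
}
EOF

cat > "$workdir/npm-ls-g.json" <<'EOF'
{
  "name": "lib",
  "dependencies": {
    "@bitwarden/cli": {
      "version": "2026.4.1"
    }
  }
}
EOF

echo "global install: $(verdict "$(bitwarden_version_in_npm_ls "$workdir/npm-ls-g.json")")"
audit_lockfile "$workdir/package-lock.json" \
  || echo "-> assume compromise: rotate secrets, then reinstall $COMPROMISED_PKG@$FIXED_VER"
```

On a real host, capture `npm ls -g --depth=0 --json > npm-ls-g.json` on each runner and feed every `package-lock.json` found under your build roots to `audit_lockfile`; the lockfile check matters because a pinned 2026.4.0 will be reinstalled on the next clean build even after the global uninstall in step 1.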


About this page

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from ACN.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Classification

Agency: ACN
Published: April 24th, 2026
Instrument: Notice
Branch: Executive
Source language: it
Legal weight: Non-binding
Stage: Final
Change scope: Substantive
Document ID: BL01/260424/CSIRT-ITA

Who this affects

Applies to: Technology companies; Manufacturers; Healthcare providers
Industry sector: 5112 Software & Technology
Activity scope: Supply chain security incident response; Credential exposure remediation; CI/CD environment hardening
Geographic scope: IT

Taxonomy

Primary area: Cybersecurity
Operational domain: IT Security
Compliance frameworks: NIST CSF
Topics: Data Privacy; Consumer Protection; Software & Technology
