Bitwarden CLI npm Compromised: Checkmarx Supply Chain Attack, 1.5-Hour Window
Quick summary
Bitwarden CLI @bitwarden/cli@2026.4.0 was compromised April 22 2026 for 1.5 hours via GitHub Actions. Shai-Hulud worm stole credentials, API keys, cloud configs. Clean version 2026.4.1 released.
Bitwarden's command-line tool was compromised on April 22, 2026. The malicious version @bitwarden/cli@2026.4.0 was published to npm and remained available for approximately 1.5 hours — from 5:57 PM to 7:30 PM ET — before Bitwarden detected and removed it. The attack vector was a compromise of Bitwarden's GitHub Actions CI/CD pipeline via the broader Checkmarx supply chain campaign. The injected payload, contained in bw1.js, downloaded a Bun archive, executed a JavaScript payload, and stole credentials, secrets, and cloud configuration files, exfiltrating them encrypted to attacker-controlled public GitHub repositories. The malware belongs to the "Shai-Hulud" worm family. Bitwarden released clean version 2026.4.1 on April 23. No customer vault data was accessed.
A compromised CLI for a password manager is a particularly high-severity supply chain attack. Bitwarden CLI is used in CI/CD pipelines, DevOps automation scripts, and developer workstations. Any pipeline that ran @bitwarden/cli@2026.4.0 during the 1.5-hour window had its secrets — API keys, cloud credentials, environment variables — stolen and exfiltrated.
How the Attack Worked
The Checkmarx supply chain campaign targets GitHub Actions workflows. The attackers compromised a GitHub Action used in Checkmarx repositories; the same action was also used in Bitwarden's CI/CD pipeline, providing the entry point.
Once inside Bitwarden's pipeline, the attackers injected malicious JavaScript into bw1.js — a file in the Bitwarden CLI build process. The injection was subtle enough to pass automated checks and produce a signed npm package that appeared legitimate. The malicious build was published as version 2026.4.0.
The payload executed in three stages:
- On installation or execution of the CLI, bw1.js downloaded a Bun runtime archive
- The Bun archive unpacked and executed the malicious JavaScript payload
- The payload searched for and exfiltrated: saved credentials, API keys in environment variables, SSH keys, AWS/GCP/Azure config files, and secrets from common secret store locations (~/.aws, ~/.config/gcloud, /etc/.env variants)
Exfiltrated data was encrypted and pushed to attacker-controlled public GitHub repositories — a technique that uses GitHub's own infrastructure as the exfiltration channel, bypassing data loss prevention tools that block outbound connections to unknown IP addresses.
The "Shai-Hulud" designation — a reference to the sandworm from the Dune series — is a name applied by threat researchers to this specific worm family. The third iteration (the Checkmarx/Bitwarden campaign is called "The Third Coming" internally by the threat actor) indicates this is an established, iterating supply chain attack operation, not a one-off.
Who Was Affected
Any developer, CI/CD pipeline, or automated system that ran npm install or executed @bitwarden/cli@2026.4.0 during the 1.5-hour window on April 22, 2026 is potentially affected.
The 1.5-hour window (5:57 PM – 7:30 PM ET) corresponds to early morning in East Asia and afternoon working hours on the US East Coast — a window that catches both US-based DevOps engineers running end-of-day builds and Asian-timezone pipelines running scheduled morning jobs.
The risk is not limited to systems that actively used Bitwarden CLI for credential retrieval during the window. The payload activated on execution of any Bitwarden CLI command — including version checks, vault status queries, or sync operations. Any automated pipeline running Bitwarden CLI as part of a pre-commit hook, deployment script, or scheduled job during the window ran the malicious code.
Bitwarden confirmed that no customer vault data was accessed during the attack. The payload targeted locally stored credentials and environment-level secrets on the compromised machine — not Bitwarden's cloud vault infrastructure. This is an important distinction: the attack steals secrets available on the running machine, not secrets stored in your Bitwarden vault account.
Mitigation Steps
Step 1 — Version check: If you run Bitwarden CLI in any pipeline or script, check which version was installed on April 22 between 5:57 PM and 7:30 PM ET. Check npm lock files, container build logs, or CI/CD execution logs for evidence of 2026.4.0 installation.
Step 2 — Downgrade or upgrade immediately:
- Downgrade to @bitwarden/cli@2026.3.0 (last confirmed clean release before the compromise)
- Or upgrade to @bitwarden/cli@2026.4.1 (clean release published April 23)
- Do not run 2026.4.0 under any circumstances
Step 3 — Treat affected machines as fully compromised: Any machine that ran 2026.4.0 should have all credentials rotated. This includes:
- AWS, GCP, and Azure IAM credentials and service account keys
- SSH private keys accessible on the machine
- Environment variables containing API keys, tokens, or passwords
- Files in ~/.aws, ~/.config/gcloud, ~/.ssh, and comparable directories
- Database connection strings in .env files or application configs
Step 4 — Search for exfiltrated data: Search public GitHub repositories for the "Shai-Hulud: The Third Coming" string or scan for repositories containing your organisation's credential patterns. The threat actor pushed exfiltrated data to public repos — some may still be accessible.
Step 5 — Lock down CI/CD GitHub Actions: The Checkmarx campaign exploited a shared GitHub Action used in multiple repositories. Audit all third-party GitHub Actions used in your CI/CD pipelines. Pin actions to specific commit hashes (not tag names — tags can be updated to point to different commits) and review action source code before importing.
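The lockfile check from Step 1 and the commit-pinning audit from Step 5, as a small Node.js script. This is an added example, not Bitwarden's code or anything from the campaign; it follows npm's lockfileVersion 1 (nested "dependencies") and 2/3 (flat "packages") layouts, and the sample lockfile, workflow and commit SHA are constructed.

```javascript
// Added example, not Bitwarden's or the threat actor's code: audit helpers for
// Step 1 (is @bitwarden/cli 2026.4.0 in an npm lockfile?) and Step 5 (which
// GitHub Actions are not pinned to a full commit SHA?). Sample input is constructed.
const COMPROMISED_NAME = "@bitwarden/cli";
const COMPROMISED_VERSION = "2026.4.0";
// Every resolved version of `name` in a parsed package-lock.json. Handles
// lockfileVersion 1 (nested "dependencies") and 2/3 (flat "packages" map).
function lockedVersions(lock, name) {
  const found = new Set();
  const walk = (deps) => {
    for (const [dep, info] of Object.entries(deps || {})) {
      if (dep === name && info.version) found.add(info.version);
      walk(info.dependencies); // v1 nests transitive deps under each package
    }
  };
  walk(lock.dependencies);
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/" + name) && info.version) found.add(info.version);
  }
  return [...found].sort();
}
function hasCompromisedCli(lock) {
  return lockedVersions(lock, COMPROMISED_NAME).includes(COMPROMISED_VERSION);
}
// `uses:` references in workflow YAML whose ref is not a 40-hex commit SHA.
// Local (./) and docker:// actions cannot be SHA-pinned this way and are skipped.
function unpinnedActions(workflowYaml) {
  const out = [];
  for (const line of workflowYaml.split("\n")) {
    const m = line.match(/^\s*-?\s*uses:\s*['"]?([^'"\s#]+)/);
    if (!m || m[1].startsWith("./") || m[1].startsWith("docker://")) continue;
    const pin = m[1].slice(m[1].lastIndexOf("@") + 1); // tag, branch or SHA after '@'
    if (!/^[0-9a-f]{40}$/.test(pin)) out.push(m[1]);
  }
  return out;
}
// Constructed sample inputs; the SHA below is a placeholder, not a real commit.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: { "": { name: "ci-tools" }, "node_modules/@bitwarden/cli": { version: "2026.4.0" } },
};
const SAMPLE_WORKFLOW = [
  "steps:",
  "  - uses: actions/checkout@v4",
  "  - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567",
  "  - uses: ./.github/actions/local",
].join("\n");
console.log("compromised CLI in lockfile:", hasCompromisedCli(SAMPLE_LOCK),
  "| unpinned actions:", unpinnedActions(SAMPLE_WORKFLOW));
```

Point `lockedVersions` at `JSON.parse(fs.readFileSync("package-lock.json"))` and `unpinnedActions` at each file under `.github/workflows/` to run it against a real repository.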
The Broader Supply Chain Lesson
The Bitwarden CLI compromise is the third major supply chain attack via GitHub Actions in 2026 (hence "The Third Coming" designation). The attack pattern is consistent: target a widely-used GitHub Action, compromise it, use it to inject malicious code into builds of high-value packages, exfiltrate secrets from CI/CD execution environments.
The GitHub Actions model creates a fundamental supply chain risk that pin-to-commit mitigates but does not eliminate. When you import a GitHub Action, you are running third-party code with access to your CI/CD environment, which typically has secrets far more valuable than the application code itself. Treating GitHub Actions with the same security scrutiny as production dependencies — code review, license check, vulnerability scan — is now table-stakes for any team running production CI/CD pipelines.
For teams using Bitwarden CLI specifically in production pipelines: the architectural question is whether a password manager CLI belongs in a CI/CD pipeline at all, or whether secrets should be injected via a dedicated secrets management service (AWS Secrets Manager, HashiCorp Vault, GitHub Actions encrypted secrets) that does not require a CLI tool with local filesystem access.
Key Takeaways
- Bitwarden CLI @2026.4.0 compromised April 22, 5:57-7:30 PM ET: 1.5-hour window; Checkmarx supply chain campaign via GitHub Actions; Shai-Hulud worm family "Third Coming"
- Attack vector: malicious injection in bw1.js executed Bun archive payload that stole credentials, API keys, cloud configs and exfiltrated encrypted to attacker-controlled public GitHub repos
- Not a vault compromise: no Bitwarden cloud vault data was accessed; attack targets locally stored secrets on the running machine
- If you ran 2026.4.0: treat machine as fully compromised; rotate all AWS/GCP/Azure credentials, SSH keys, API tokens, .env secrets immediately; downgrade to 2026.3.0 or upgrade to 2026.4.1
- Search GitHub: scan for "Shai-Hulud: The Third Coming" string and your org's credential patterns in public repos — some exfiltrated data may still be accessible
- GitHub Actions supply chain hygiene: pin to commit hashes not tag names; review action source code; treat third-party Actions as production code dependencies with full security scrutiny
Frequently Asked Questions
Was my Bitwarden vault compromised in the April 2026 attack?
No. Bitwarden confirmed that no customer vault data was accessed in the April 22, 2026 attack. The malicious payload targeted locally stored credentials and environment-level secrets on the machine running the Bitwarden CLI — not Bitwarden's cloud vault infrastructure. The attack steals secrets available on the compromised machine: AWS/GCP/Azure config files, SSH keys, environment variables, and .env secrets. If you did not run @bitwarden/cli@2026.4.0 during the 1.5-hour window (5:57-7:30 PM ET on April 22), your vault is not affected.
How do I know if I ran the malicious Bitwarden CLI version?
Check your npm lock files, container build logs, and CI/CD execution logs for evidence of @bitwarden/cli@2026.4.0 being installed between 5:57 PM and 7:30 PM ET on April 22, 2026. The version would appear in package-lock.json, yarn.lock, or equivalent as the exact version string 2026.4.0. If you use Bitwarden CLI in any automated pipeline, check the execution timestamps of any runs during that window. Upgrade to @bitwarden/cli@2026.4.1 (clean) or downgrade to 2026.3.0 immediately if there is any possibility 2026.4.0 was installed.
What credentials should I rotate after the Bitwarden CLI compromise?
If any machine ran @bitwarden/cli@2026.4.0, treat it as fully compromised and rotate: all AWS IAM credentials and service account keys, GCP service account keys, Azure app credentials, SSH private keys stored in ~/.ssh, API keys and tokens in environment variables, database connection strings in .env files, and any secrets in ~/.aws, ~/.config/gcloud, or application configuration files. The Shai-Hulud payload specifically targeted these common secret locations. After rotating, search public GitHub repositories for the string "Shai-Hulud: The Third Coming" to check if your credentials appear in exfiltrated data.
How did attackers compromise Bitwarden's GitHub Actions pipeline?
The Checkmarx supply chain campaign targeted a GitHub Action used across multiple repositories. The same action was used in both Checkmarx and Bitwarden's CI/CD pipelines — compromising the shared action gave attackers code execution in Bitwarden's build process. The attackers injected malicious JavaScript into bw1.js, producing a signed npm package that appeared legitimate. The fix for this class of attack is pinning GitHub Actions to specific commit hashes (not tag names, which can be reassigned), reviewing third-party action source code before importing, and treating CI/CD GitHub Actions with the same security scrutiny as production dependencies.
Written by
Software Engineer based in Delhi, India. Writes about AI models, semiconductor supply chains, and tech geopolitics — covering the intersection of infrastructure and global events. 853+ posts cited by ChatGPT, Perplexity, and Gemini. Read in 167 countries.
