A missing Origin check in Cline Kanban’s local WebSocket channel shows how a browser tab can become a bridge into a developer workstation.
CVE-2026-44211 shows how a browser-facing developer tool can turn a supposedly private localhost interface into a serious remote-code-execution risk.
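The class of check at issue, as an added example that is not code from Cline Kanban or from the advisory: a handshake gate for a localhost WebSocket server that validates both `Host` and `Origin` before the upgrade is accepted. The port, the allowlists, the function names and the sample handshakes are assumptions constructed for illustration.

```javascript
// Added example: gate a localhost WebSocket upgrade on Host and Origin.
// PORT and both allowlists are assumed values, not taken from Cline Kanban.
const PORT = 3484;
const ALLOWED_HOSTS = new Set([`127.0.0.1:${PORT}`, `localhost:${PORT}`]);
const ALLOWED_ORIGINS = new Set([...ALLOWED_HOSTS].map((h) => `http://${h}`));

const deny = (reason) => ({ ok: false, status: 403, reason });

// headers: lowercased header map, the shape Node exposes as req.headers.
function checkUpgrade(headers) {
  const host = headers["host"];
  const origin = headers["origin"];
  // Binding to 127.0.0.1 keeps remote hosts out, but any page open in a
  // local browser can still reach the port. A Host allowlist rejects requests
  // addressed to a foreign name that merely resolves to loopback.
  if (typeof host !== "string" || !ALLOWED_HOSTS.has(host.toLowerCase())) {
    return deny("host-not-allowed");
  }
  // Browsers send Origin on every WebSocket handshake, so a browser-facing
  // channel can require it. Policy choice here: no Origin, no upgrade.
  if (typeof origin !== "string") return deny("origin-missing");
  // Exact match only: prefix or substring tests accept lookalike hosts, and
  // the literal "null" (sandboxed frames, file:// pages) is never allowed.
  if (!ALLOWED_ORIGINS.has(origin)) return deny("origin-not-allowed");
  return { ok: true, status: 101, reason: "ok" };
}

// Constructed handshakes (not captured traffic).
const SAMPLES = [
  { name: "own-ui", headers: { host: "127.0.0.1:3484", origin: "http://127.0.0.1:3484" } },
  { name: "foreign-page", headers: { host: "127.0.0.1:3484", origin: "https://attacker.example" } },
  { name: "lookalike", headers: { host: "localhost:3484", origin: "http://localhost.attacker.example:3484" } },
  { name: "opaque-origin", headers: { host: "localhost:3484", origin: "null" } },
  { name: "foreign-host", headers: { host: "attacker.example:3484", origin: "http://attacker.example:3484" } },
  { name: "no-origin", headers: { host: "localhost:3484" } },
];

// Returns one decision per sample so the policy can be checked in a unit test.
function evaluateSamples() {
  return SAMPLES.map((s) => ({ name: s.name, ...checkUpgrade(s.headers) }));
}

console.table(evaluateSamples());
```

An Origin check only constrains browsers, which set the header themselves; it does not authenticate other local processes, which can send any header value they like.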