Cline Bot AI Coding Agent Data Exfiltration via Prompt Injection and DNS

Affected Vendor(s)

Cline

Affected Product(s)

Cline Coding Agent

Summary

Through malicious instructions planted in a source code file, Cline can be coerced into exfiltrating sensitive key material from a user’s environment to an attacker-controlled location.

Cline is vulnerable to prompt injection when analyzing source code files. Furthermore, this prompt injection can be used to execute what is considered a safe command (ping), which requires no user approval, in a way that will exfiltrate sensitive key material to an attacker-controlled location.

Timeline

Discovered on
August 24, 2025
Disclosed to Vendor on
August 27, 2025
Published on
November 18, 2025

Credit

Aaron Portnoy

Blog Post

From Prompt to Pwn: Cline Bot AI Coding Agent Vulnerabilities

References

Cline AI Coding Agent Website

Start Securing Your AI Systems

See how Mindgard exposes and fixes exploitable AI risk across your AI agents and systems.

Book a Demo

Mindgard, the leading provider of AI security solutions, helps enterprises discover, assess, and defend their AI systems. Spun out from over a decade of AI security research at Lancaster University and headquartered in Boston and London, Mindgard combines AI red teaming with offensive security expertise and AI research to identify exploitable vulnerabilities in AI models, agents, and applications before attackers do.

AICPA SOC SOC 2 Type 2 Compliant
HomeAI Recon & DiscoveryAI Security and Safety AssessmentAI Runtime ProtectionAI Red TeamingOffensive AI SecurityCompare AI Security SolutionsAI Governance & ComplianceContact UsBook a Demo
DocsResourcesBlogDisclosuresCustomersAboutServicesCareersTerms & ConditionsPrivacy Policy