Cline Bot AI Coding Agent Data Exfiltration via Prompt Injection and DNS

Affected Vendor(s)

Cline

Affected Product(s)

Cline Coding Agent

Summary

Through malicious instructions planted in a source code file, Cline can be coerced into exfiltrating sensitive key material from a user’s environment to an attacker-controlled location.

Cline is vulnerable to prompt injection when analyzing source code files. Furthermore, this prompt injection can be used to execute what is considered a safe command (ping), which requires no user approval, in a way that will exfiltrate sensitive key material to an attacker-controlled location.

Timeline

24th August, 2025 Identified flaws
27th August 2025 Reported to vendor
31st October 2025 Product re-tested
18th November 2025 Findings published

Credit

Aaron Portnoy

Blog Post

From Prompt to Pwn: Cline Bot AI Coding Agent Vulnerabilities

References

Cline AI Coding Agent Website

Learn how Mindgard can help you navigate AI Security

Take the first step towards securing your AI. Book a demo now and we'll reach out to you.

Book a Demo
Protect your AI with Mindgard

Mindgard, the leading provider of Artificial Intelligence security solutions, helps enterprises secure their AI models, agents, and systems across the entire lifecycle. Mindgard’s solution uncovers shadow AI, conducts automated AI red teaming by emulating adversaries, and delivers runtime protection against attacks like prompt injection and agentic manipulation. Trusted by leading organizations in finance, healthcare, and technology, Mindgard is backed by investors including .406 Ventures, IQ Capital, Atlantic Bridge, and Lakestar.

©️ 2025 Mindgard limited
All rights Reserved