Cline AI Coding Agent Vulnerabilities Enable Prompt Injection, Code Execution, and Data Leakage
Posted: Thu Nov 20, 2025 3:38 pm
AI coding assistants promise productivity gains, but researchers at Mindgard have uncovered a critical vulnerability chain in Cline that transforms the tool into a security liability.
Four vulnerabilities discovered during a brief audit of the popular VSCode extension can enable attackers to exfiltrate API keys, execute arbitrary code, and leak sensitive model information all without user knowledge.
The findings underscore a fundamental security blind spot in LLM-based development tools: system prompts are not harmless configuration text.
https://cyberpress.org/cline-ai-coding- ... abilities/
Four vulnerabilities discovered during a brief audit of the popular VSCode extension can enable attackers to exfiltrate API keys, execute arbitrary code, and leak sensitive model information all without user knowledge.
The findings underscore a fundamental security blind spot in LLM-based development tools: system prompts are not harmless configuration text.
https://cyberpress.org/cline-ai-coding- ... abilities/