AVID-2026-R0427
Description
Cline Bot AI Coding Agent Code Execution via Prompt Injection and TOCTOU Script Invocation
Details
Cline is vulnerable to prompt injection when analyzing source code files. This prompt injection can be used to execute arbitrary code by breaking the model’s ability to analyze an entire potential execution chain for safety.
References
- Mindgard Disclosure
- From Prompt to Pwn: Cline Bot AI Coding Agent Vulnerabilities
- Cline AI Coding Agent Website
Affected or Relevant Artifacts
- Developer: Cline
- Deployer:
- Artifact Details:
| Type | Name |
|---|---|
| System | Cline AI Coding Agent |
Impact
- (none)
Other information
- Report Type: Advisory
- Credits: Aaron Portnoy, Mindgard
- Date Reported: 2025-08-27
- Version: 0.3.1
- AVID Entry