AI Coding Tool Cline Hit by 4-Step Supply Chain Attack via GitHub Issue Title
In December 2025, Cline, an AI coding assistant with over five million users, suffered a supply chain attack stemming from a misconfigured GitHub automation workflow. The workflow granted broad tool permissions — including shell command execution — to an AI agent, and its trigger was open to any GitHub user, not just verified contributors. An attacker exploited this by injecting a malicious instruction through an unsanitized issue title, ultimately flooding the CI cache and stealing three publish tokens. The compromised tokens were used to push a tainted version of the package, cline@2.3.0, which silently installed a second AI agent on users' machines via a postinstall script. The malicious package circulated for roughly eight hours and was installed approximately 4,000 times before being detected, with the exploit arriving eight days after public disclosure of the underlying vulnerability.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)
Log in to join the discussion and vote.
Log in