Cline CLI 2.3.0 Vulnerability Exploited to Install OpenClaw Malware on Developer Systems


Recent Software Supply Chain Attack Targets Cline CLI

A recent software supply chain attack targeted the open-source coding assistant Cline CLI, installing the autonomous AI agent OpenClaw on developer systems.

Incident Details

The incident occurred when an unauthorized party used a compromised npm publish token to update the Cline CLI package on the npm registry.

According to the maintainers of the Cline package, the unauthorized update was published on February 17, 2026, at 3:26 AM PT.

The malicious package was available for approximately eight hours, until 11:30 AM PT, during which time it was downloaded by an unknown number of users.

Response and Aftermath

The maintainers have since released version 2.4.0 and deprecated version 2.3.0.

The Microsoft Threat Intelligence team reported a noticeable increase in OpenClaw installations on February 17, 2026, as a result of the supply chain compromise.

Users who installed the compromised package are advised to update to the latest version and remove OpenClaw if it is not required.
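One way to check a project or workstation for the affected release, as an added example that is not code from the Cline maintainers or the original report. It assumes the npm package names are `cline` and `openclaw`, which the article does not state; the sample data is constructed.

```python
import json
import sys

# Assumed npm package names (the article does not state them); adjust as needed.
CLINE_PKG, OPENCLAW_PKG = "cline", "openclaw"
BAD_VERSION = "2.3.0"  # compromised release named in the article

# Constructed sample in lockfile v3 shape, not data from the incident.
SAMPLE_LOCK = {
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/cline": {"version": "2.3.0"},
        "node_modules/tooling/node_modules/openclaw": {"version": "0.0.0"},
        "node_modules/left-pad": {"version": "1.3.0"},
    },
}

def iter_packages(doc):
    """Yield (name, version, location) from a lockfile (v1-v3) or `npm ls --json`."""
    if "packages" in doc:  # v2/v3: flat map keyed by install path
        for path, meta in doc["packages"].items():
            if path:  # "" is the root project itself
                name = meta.get("name") or path.split("node_modules/")[-1]
                yield name, meta.get("version"), path
        return
    stack = [("", doc.get("dependencies", {}))]  # v1 / npm ls: nested tree
    while stack:
        prefix, deps = stack.pop()
        for name, meta in deps.items():
            loc = f"{prefix}node_modules/{name}"
            yield name, meta.get("version"), loc
            stack.append((loc + "/", meta.get("dependencies", {})))

def audit(doc):
    """Return findings: the compromised Cline release, or any OpenClaw install."""
    findings = []
    for name, version, loc in iter_packages(doc):
        if name == CLINE_PKG and version == BAD_VERSION:
            findings.append(("compromised-cline", loc, version))
        elif name == OPENCLAW_PKG:
            findings.append(("openclaw-present", loc, version))
    return findings

if __name__ == "__main__":
    # With a path argument, audit that JSON file; otherwise run on the sample.
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_LOCK
    results = audit(doc)
    for kind, loc, version in results:
        print(f"{kind}: {loc} ({version})")
    sys.exit(1 if results else 0)
```

The same function accepts saved output of `npm ls -g --json`, which covers globally installed CLIs that never appear in a project lockfile.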

Security Implications

The incident highlights the risks associated with AI-powered coding assistants and the importance of securing the software supply chain.

A security researcher’s earlier discovery of a vulnerability in the Cline repository’s GitHub workflow, known as Clinejection, may have contributed to the breach.

The vulnerability allowed an attacker to steal repository authentication tokens through prompt injection.

Attack Chain and Consequences

The attack chain involved exploiting the Clinejection vulnerability to gain access to the repository’s publish tokens.

The attacker then used the compromised token to publish the malicious Cline CLI package.

The incident demonstrates the potential consequences of a supply chain attack, which can have far-reaching impacts on developers and users who rely on the compromised software.

Industry Response

Industry experts emphasize the need for increased governance and security measures to protect AI-powered systems and prevent similar incidents in the future.

As AI becomes increasingly integrated into software development and deployment, the risk of AI-powered supply chain attacks is likely to grow.


