CVE-2026-45311
Description
CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the run_tests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user approval prompt. cargo test compiles and executes arbitrary code: test binaries, build.rs build scripts, and proc macros. While auto-approving test execution is a deliberate design choice, it creates an inconsistency in the security boundary. However, in a malicious repository, test code can execute arbitrary shell commands, exfiltrate credentials, or establish persistence with zero approval. The attack is amplified by AGENTS.md (auto-loaded into the system prompt), which can instruct the model to run tests proactively at session start. This vulnerability is fixed in 0.8.23.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| crates.io | deepseek-tui | >=0.3.0,<0.8.23 | 0.8.23 |
| crates.io | deepseek-tui-cli | >=0.3.0,<0.8.23 | 0.8.23 |
| npm | deepseek-tui | >=0.3.0,<0.8.23 | 0.8.23 |
| NPM | deepseek-tui | >= 0.3.0, < 0.8.23 | 0.8.23 |
| RUST | deepseek-tui-cli | >= 0.3.0, < 0.8.23 | 0.8.23 |
| RUST | deepseek-tui | >= 0.3.0, < 0.8.23 | 0.8.23 |
References
CWEs
CWE-94
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.