| CVE-2026-45374 | critical | 9.6 | 9.6 | | | | 15d ago | CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the task_create tool spawns durable sub-agents that inherit two insecure defaults, allow_shell defaults to true (config.rs:14… |
| CVE-2026-45311 | critical | 9.6 | 9.6 | | | | 15d ago | CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the run_tests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user… |
| CVE-2026-45373 | high | 7.4 | 7.4 | | | | 15d ago | CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in URL as htt… |
| CVE-2026-45310 | high | 7.4 | 7.4 | | | | 15d ago | CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.22, the fetch_url tool validates the initial URL's resolved IP address against a restricted-IP blocklist (is_restricted_ip()) to … |