top of page
perceptive_background_267k.jpg

CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the run_tests tool executes cargo test in the workspace with ApprovalRequirement:…

Published:

27 mei 2026 om 22:00:00

Alert date:

28 mei 2026 om 19:09:38

Source:

nvd.nist.gov

Click to open the original link from this advisory

Supply Chain & Dependencies, Security Tools

CodeWhale, a DeepSeek + MiMo coding agent, contained a critical vulnerability from versions 0.3.0 to 0.8.23. The run_tests tool executed cargo test with automatic approval, allowing arbitrary code execution without user consent. In malicious repositories, this could lead to shell command execution, credential theft, or persistence establishment. The vulnerability was amplified by AGENTS.md auto-loading, which could trigger proactive test execution. Fixed in version 0.8.23.

Technical details

Mitigation steps:

Affected products:

CodeWhale

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-45311
https://github.com/Hmbown/CodeWhale/security/advisories/GHSA-wx44-2q6h-j6p8

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page