Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-88gh-2526-gfrr | DeepSeek TUI has SSRF IPV6 bypass |
Sat, 30 May 2026 02:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 29 May 2026 16:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Hmbown
Hmbown codewhale |
|
| Vendors & Products |
Hmbown
Hmbown codewhale |
Thu, 28 May 2026 18:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in URL as http://[::1], the SSRF defenses do not work. This vulnerability is fixed in 0.8.26. | |
| Title | CodeWhale: SSRF IPV6 bypass | |
| Weaknesses | CWE-918 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-05-30T02:05:45.704Z
Reserved: 2026-05-12T00:51:29.086Z
Link: CVE-2026-45373
Updated: 2026-05-30T02:05:40.978Z
Status : Deferred
Published: 2026-05-28T18:16:35.717
Modified: 2026-05-30T04:17:22.183
Link: CVE-2026-45373
No data.
OpenCVE Enrichment
Updated: 2026-05-29T15:48:12Z
Github GHSA