Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-72w5-pf8h-xfp4 | DeepSeek TUI: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files |
Sat, 30 May 2026 02:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 29 May 2026 16:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Hmbown
Hmbown codewhale |
|
| Vendors & Products |
Hmbown
Hmbown codewhale |
Thu, 28 May 2026 18:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the task_create tool spawns durable sub-agents that inherit two insecure defaults, allow_shell defaults to true (config.rs:1499: self.allow_shell.unwrap_or(true)) and auto_approve defaults to true (task_manager.rs:297: auto_approve: Some(true)). When a user approves a task_create call (which requires ApprovalRequirement::Required), they approve what appears to be a benign work prompt. However, the spawned sub-agent silently receives unrestricted, unapproved shell access. This vulnerability is fixed in 0.8.26. | |
| Title | CodeWhale: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files | |
| Weaknesses | CWE-94 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-05-30T02:04:52.694Z
Reserved: 2026-05-12T00:51:29.086Z
Link: CVE-2026-45374
Updated: 2026-05-30T02:04:48.320Z
Status : Deferred
Published: 2026-05-28T18:16:35.843
Modified: 2026-05-30T04:17:22.290
Link: CVE-2026-45374
No data.
OpenCVE Enrichment
Updated: 2026-05-29T15:48:13Z
Github GHSA