VYPR
Critical severity9.6GHSA Advisory· Published May 28, 2026· Updated Jun 1, 2026

CVE-2026-45311

CVE-2026-45311

Description

CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the run_tests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user approval prompt. cargo test compiles and executes arbitrary code: test binaries, build.rs build scripts, and proc macros. While auto-approving test execution is a deliberate design choice, it creates an inconsistency in the security boundary. However, in a malicious repository, test code can execute arbitrary shell commands, exfiltrate credentials, or establish persistence with zero approval. The attack is amplified by AGENTS.md (auto-loaded into the system prompt), which can instruct the model to run tests proactively at session start. This vulnerability is fixed in 0.8.23.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
deepseek-tuicrates.io
>= 0.3.0, < 0.8.230.8.23
deepseek-tui-clicrates.io
>= 0.3.0, < 0.8.230.8.23
deepseek-tuinpm
>= 0.3.0, < 0.8.230.8.23

Affected products

4

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.