VYPR

Deepseek Tui

by Hmbown

CVEs (4)

  • CVE-2026-45374 | Critical | May 28, 2026
    risk 0.55 | CVSS 9.6 | EPSS 0.00

    CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the task_create tool spawns durable sub-agents that inherit two insecure defaults: allow_shell defaults to true (config.rs:1499: self.allow_shell.unwrap_or(true)) and auto_approve defaults to true…

  • CVE-2026-45311 | Critical | May 28, 2026
    risk 0.55 | CVSS 9.6 | EPSS 0.00

    CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the run_tests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user approval prompt. cargo test compiles and executes arbitrary code: test…

  • CVE-2026-45373 | High | May 28, 2026
    risk 0.41 | CVSS 7.4 | EPSS 0.00

    CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, although SSRF validation covers hostnames that resolve to private IPv6 addresses, the SSRF defenses do not work when the IPv6 address is given directly in the URL, as in http://[::1]. This vulnerability is fixed in…

  • CVE-2026-45310 | High | May 28, 2026
    risk 0.41 | CVSS 7.4 | EPSS 0.00

    CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.22, the fetch_url tool validates the initial URL's resolved IP address against a restricted-IP blocklist (is_restricted_ip()) to prevent SSRF attacks against internal services (cloud metadata endpoints,…