CVE-2026-45374: CWE-94: Improper Control of Generation of Code ('Code Injection') in Hmbown CodeWhale
CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the task_create tool spawns durable sub-agents that inherit two insecure defaults, allow_shell defaults to true (config.rs:1499: self.allow_shell.unwrap_or(true)) and auto_approve defaults to true (task_manager.rs:297: auto_approve: Some(true)). When a user approves a task_create call (which requires ApprovalRequirement::Required), they approve what appears to be a benign work prompt. However, the spawned sub-agent silently receives unrestricted, unapproved shell access. This vulnerability is fixed in 0.8.26.
AI Analysis
Technical Summary
CodeWhale versions before 0.8.26 contain a code injection vulnerability (CWE-94) due to insecure default configurations in the task_create tool. Specifically, sub-agents spawned inherit allow_shell and auto_approve settings defaulting to true, allowing them to gain unrestricted shell access silently after user approval of a task_create call. This leads to a critical security risk with high impact on confidentiality, integrity, and availability. The vulnerability is resolved in version 0.8.26. The CVSS 3.1 score is 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H), indicating network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and high impact on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation allows an attacker to execute arbitrary code with unrestricted shell access on the affected system, bypassing intended approval controls. This compromises system confidentiality, integrity, and availability. The vulnerability affects all versions prior to 0.8.26 of CodeWhale. No known exploits in the wild have been reported to date.
Mitigation Recommendations
Upgrade CodeWhale to version 0.8.26 or later, where this vulnerability is fixed. Since no official patch link or advisory is provided, users should verify the version and update accordingly. There is no indication that temporary mitigations or workarounds exist. Patch status is not explicitly confirmed by a vendor advisory; therefore, users should consult the vendor for the latest remediation guidance.
CVE-2026-45374: CWE-94: Improper Control of Generation of Code ('Code Injection') in Hmbown CodeWhale
Description
CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the task_create tool spawns durable sub-agents that inherit two insecure defaults, allow_shell defaults to true (config.rs:1499: self.allow_shell.unwrap_or(true)) and auto_approve defaults to true (task_manager.rs:297: auto_approve: Some(true)). When a user approves a task_create call (which requires ApprovalRequirement::Required), they approve what appears to be a benign work prompt. However, the spawned sub-agent silently receives unrestricted, unapproved shell access. This vulnerability is fixed in 0.8.26.
CVSS v3.1
Score 9.6critical
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CodeWhale versions before 0.8.26 contain a code injection vulnerability (CWE-94) due to insecure default configurations in the task_create tool. Specifically, sub-agents spawned inherit allow_shell and auto_approve settings defaulting to true, allowing them to gain unrestricted shell access silently after user approval of a task_create call. This leads to a critical security risk with high impact on confidentiality, integrity, and availability. The vulnerability is resolved in version 0.8.26. The CVSS 3.1 score is 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H), indicating network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and high impact on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation allows an attacker to execute arbitrary code with unrestricted shell access on the affected system, bypassing intended approval controls. This compromises system confidentiality, integrity, and availability. The vulnerability affects all versions prior to 0.8.26 of CodeWhale. No known exploits in the wild have been reported to date.
Mitigation Recommendations
Upgrade CodeWhale to version 0.8.26 or later, where this vulnerability is fixed. Since no official patch link or advisory is provided, users should verify the version and update accordingly. There is no indication that temporary mitigations or workarounds exist. Patch status is not explicitly confirmed by a vendor advisory; therefore, users should consult the vendor for the latest remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-12T00:51:29.086Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a188377e29bf47b50179042
Added to database: 5/28/2026, 6:03:35 PM
Last enriched: 5/28/2026, 6:18:27 PM
Last updated: 5/29/2026, 8:28:22 PM
Views: 13
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.