Hmbown Codewhale
4 CVEs affecting Hmbown Codewhale. Latest disclosed: 2026-05-28. Critical: 2, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-45374 | Critical | 9.6 | 2026-05-28 | CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the task_create tool spawns durable sub-agents that inherit two insecure defaults, al… |
| CVE-2026-45311 | Critical | 9.6 | 2026-05-28 | CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the run_tests tool executes cargo test in the workspace with ApprovalRequirement… |
| CVE-2026-45373 | High | 7.4 | 2026-05-28 | CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, although SSRF is validated against hostnames that resolve to private IPv6 addresses… |
| CVE-2026-45310 | High | 7.4 | 2026-05-28 | CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.22, the fetch_url tool validates the initial URL's resolved IP address against a restrict… |