CVE-2026-45310

Name of the Vulnerable Software and Affected Versions CodeWhale versions prior to 0.8.22

Description The fetch url tool implements a check using the is restricted ip() function to validate the resolved IP address of an initial URL against a blocklist of restricted IPs, such as localhost, private networks, and cloud metadata endpoints, to prevent Server-Side Request Forgery (SSRF). However, the reqwest HTTP client is configured to follow up to 5 redirects via reqwest::redirect::Policy::limited(5) without re-validating the redirect targets. This allows an attacker to bypass SSRF protections by providing a public URL that redirects to a restricted internal address. On cloud-hosted instances, this could lead to the exfiltration of instance metadata and cloud IAM credentials through prompt injection.

Recommendations Update to version 0.8.22.