PT-2026-41166 · Hmbown+1 · Codewhale+2
47Cid · Published 2026-05-14 · Updated 2026-05-28
CVE-2026-45311
CVSS v3.1: 9.6 Critical
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
CodeWhale versions 0.3.0 through 0.8.22
Description
The run tests tool executes cargo test in the workspace with ApprovalRequirement::Auto, allowing it to run without user approval. Because cargo test compiles and executes arbitrary code, including test binaries, build.rs build scripts, and proc macros, a malicious repository can execute arbitrary shell commands, exfiltrate credentials, or establish persistence. This risk is increased by the AGENTS.md file, which is automatically loaded into the system prompt and can be used to instruct the model to run tests proactively at the start of a session.
Recommendations
Update to version 0.8.23.
As a temporary workaround, restrict the use of the run tests tool when working with untrusted repositories.
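One way to apply the workaround is to list what cargo test would execute in a checkout before an agent is allowed to run it. The Rust sketch below is an added example, not CodeWhale code and not the 0.8.23 fix; the Surface enum, the function names and the AGENTS.md keyword match are assumptions made for illustration.

```rust
use std::{env, fs, path::Path};
/// A way `cargo test` runs code from the checkout, or gets triggered by it.
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum Surface { BuildScript, ProcMacro, TestCode, AgentInstruction }
/// Value of a `key = value` manifest line (simplified: ignores TOML tables).
fn manifest_value<'a>(body: &'a str, key: &str) -> Option<&'a str> {
    let mut pairs = body.lines().filter_map(|l| l.split_once('='));
    pairs.find(|(k, _)| k.trim() == key).map(|(_, v)| v.trim().trim_matches('"'))
}

/// Classify one file by repo-relative path and contents (AGENTS.md match is a broad heuristic).
pub fn surfaces(path: &str, body: &str) -> Vec<Surface> {
    let name = path.rsplit('/').next().unwrap_or(path);
    let is_test = name.ends_with(".rs") && (path.contains("tests/") || body.contains("#[test]"));
    let mut out = Vec::new();
    match name {
        "build.rs" => out.push(Surface::BuildScript),
        "Cargo.toml" => {
            let build = manifest_value(body, "build"); // `build = false` disables the script
            if build.map_or(false, |v| v != "false") { out.push(Surface::BuildScript); }
            if manifest_value(body, "proc-macro") == Some("true") { out.push(Surface::ProcMacro); }
        }
        "AGENTS.md" if body.to_lowercase().contains("test") => out.push(Surface::AgentInstruction),
        _ if is_test => out.push(Surface::TestCode),
        _ => {}
    }
    out
}

/// Walk a checkout without following symlinks, skipping `.git` and `target`.
pub fn scan(dir: &Path, rel: &str, found: &mut Vec<(String, Surface)>) {
    for entry in fs::read_dir(dir).into_iter().flatten().flatten() {
        let name = entry.file_name().to_string_lossy().into_owned();
        let path = if rel.is_empty() { name.clone() } else { format!("{rel}/{name}") };
        let kind = entry.file_type().ok(); // file_type() does not follow symlinks
        if kind.map_or(false, |k| k.is_dir()) && name != ".git" && name != "target" {
            scan(&entry.path(), &path, found);
        } else if kind.map_or(false, |k| k.is_file()) {
            let body = fs::read_to_string(entry.path()).unwrap_or_default();
            found.extend(surfaces(&path, &body).into_iter().map(|s| (path.clone(), s)));
        }
    }
}

fn main() {
    let mut found = Vec::new();
    scan(Path::new(&env::args().nth(1).unwrap_or_else(|| ".".into())), "", &mut found);
    for (path, s) in &found { println!("{s:?}\t{path}"); }
}
```

An empty listing does not make a repository safe to test, because every dependency can bring its own build script; the output only tells a reviewer where to start reading.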
Code Injection
Affected Products
Codewhale
Deepseek-Tui
Deepseek-Tui-Cli