CVE-2026-45374
CodeWhale: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files
CVSS Score
9.6
EPSS Score
0.0%
EPSS Percentile
13th
CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the task_create tool spawns durable sub-agents that inherit two insecure defaults, allow_shell defaults to true (config.rs:1499: self.allow_shell.unwrap_or(true)) and auto_approve defaults to true (task_manager.rs:297: auto_approve: Some(true)). When a user approves a task_create call (which requires ApprovalRequirement::Required), they approve what appears to be a benign work prompt. However, the spawned sub-agent silently receives unrestricted, unapproved shell access. This vulnerability is fixed in 0.8.26.
| CWE | CWE-94 |
| Vendor | hmbown |
| Product | codewhale |
| Published | May 28, 2026 |
| Last Updated | May 30, 2026 |
Stay Ahead of the Next One
Get instant alerts for hmbown codewhale
Be the first to know when new critical vulnerabilities affecting hmbown codewhale are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
Hmbown / CodeWhale
< 0.8.26