{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "extracted_events": [
              {
                "introduced": "0.3.0"
              },
              {
                "fixed": "0.8.23"
              }
            ],
            "source": "AFFECTED_FIELD"
          },
          "events": [
            {
              "introduced": "3204f556af2cf5f0bcc604fb9fd230b3a5a2e965"
            },
            {
              "fixed": "cfb5f08ae515f8dcf93aa10bdcf37dff3549e7ec"
            }
          ],
          "repo": "https://github.com/hmbown/codewhale",
          "type": "GIT"
        }
      ]
    }
  ],
  "aliases": [
    "GHSA-wx44-2q6h-j6p8"
  ],
  "database_specific": {
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
      "CWE-94"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45311.json"
  },
  "details": "CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the run_tests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user approval prompt. cargo test compiles and executes arbitrary code: test binaries, build.rs build scripts, and proc macros. While auto-approving test execution is a deliberate design choice, it creates an inconsistency in the security boundary. However, in a malicious repository, test code can execute arbitrary shell commands, exfiltrate credentials, or establish persistence with zero approval. The attack is amplified by AGENTS.md (auto-loaded into the system prompt), which can instruct the model to run tests proactively at session start. This vulnerability is fixed in 0.8.23.",
  "id": "CVE-2026-45311",
  "modified": "2026-07-08T05:37:54.792468429Z",
  "published": "2026-05-28T17:32:26.950Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45311.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/Hmbown/CodeWhale/security/advisories/GHSA-wx44-2q6h-j6p8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45311"
    }
  ],
  "schema_version": "1.7.5",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "CodeWhale: run_tests Tool Enables RCE via Malicious Repository Without Approval"
}