CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the taskcreate tool spawns durable sub-agents that inherit two insecure defaults, allowshell defaults to true (config.rs:1499: self.allowshell.unwrapor(true)) and autoapprove defaults to true (taskmanager.rs:297: autoapprove: Some(true)). When a user approves a taskcreate call (which requires ApprovalRequirement::Required), they approve what appears to be a benign work prompt. However, the spawned sub-agent silently receives unrestricted, unapproved shell access. This vulnerability is fixed in 0.8.26.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45374.json",
"cwe_ids": [
"CWE-94"
],
"cna_assigner": "GitHub_M"
}