External risk intelligence

CodeWhale Agents May Allow Unauthorized Shell Access

CVE advisorySeverity: CRITICAL (CVSS 9.6)

CVE-2026-45374

A flaw in CodeWhale's task creation tool may permit sub-agents unrestricted shell access when a user approves a task. This could allow attackers to gain unauthorized control over affected systems, potentially leading to data compromise and significant business risk. Organizations should review their use of this tool.

1Halo Surface Signal

Code Injection

External exposure likelihood

Halo Surface Signal score for CVE-2026-45374

This is a terminal-based developer tool operating within a local environment. It is not a public-facing network service, gateway, or internet-accessible appliance. Exploitation requires specific user interaction within a local session, making reachability from the public internet extremely unlikely in standard developer deployments.

Horizon Alert

Summary of the vulnerability and why it matters

CodeWhale, a coding agent for terminals, contains a flaw in its task creation process. This weakness allows sub-agents to gain unrestricted shell access, even when a user believes they are approving a benign task. This could lead to unauthorized actions within the affected system.

Vulnerable component: CodeWhale task creation tool
Core weakness: Insecure default settings grant unapproved shell access
Main business impact: Unauthorized system access and data compromise

Attack Path

How an attacker could exploit the issue

An attacker can exploit a vulnerability in the CodeWhale task creation tool to gain shell access. This occurs when a user approves a task, which inadvertently grants unrestricted shell access to a sub-agent. The sub-agent then operates with unapproved shell permissions, potentially leading to unauthorized actions.

Exposure: User approves task.
Attacker starting point: Malicious task prompt.
Trigger and result: Sub-agent gains shell access.

Live Threat

Current exploitation, exposure, and threat context

The identified vulnerability in CodeWhale, a coding agent, could allow attackers to gain unrestricted shell access to a user's system. This occurs when a user approves a task that appears benign but, due to insecure defaults in the tool's design, silently grants elevated permissions to a sub-agent. Successful exploitation could lead to significant data compromise and unauthorized system control. Organizations should consider the potential impact on their data and systems.

Likely attacker skill level: Moderate.
Required access or conditions: User interaction required.
Business risk or urgency: High potential for data loss.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability in CodeWhale could allow attackers to gain unrestricted shell access by exploiting insecure defaults in its task creation process. The impact on affected organizations could include the compromise of systems and data, as well as significant business risk due to unauthorized actions performed by malicious actors. This situation requires immediate attention to mitigate potential threats.

Identify CodeWhale installations.
Restrict or disable task creation.
Update to the fixed version.
Confirm the update is applied.
Monitor for unusual activity.

Frequently asked questions

What is CodeWhale and what is it used for?

CodeWhale is a terminal-based coding agent that uses DeepSeek and MiMo. It functions as a tool for developers, assisting with coding tasks directly within their command-line environment.

What type of vulnerability does CVE-2026-45374 represent in CodeWhale?

CVE-2026-45374 is a CWE-94 vulnerability, which relates to the improper control of program execution. In CodeWhale, this means that insecure defaults in its task creation tool can allow spawned sub-agents to gain unrestricted shell access without explicit user approval beyond the initial task acceptance.

How is the CodeWhale vulnerability triggered and what does not trigger it?

The vulnerability is triggered when a user approves a 'task_create' call. While this requires user approval, the spawned sub-agent silently receives unrestricted shell access due to insecure defaults. Accepting a task that does not involve 'task_create' would not trigger this specific vulnerability.

Who should be concerned about CVE-2026-45374?

Developers and organizations using CodeWhale should be concerned. Although Halo Surface Signal indicates this is a terminal-based tool unlikely to be internet-facing, its exploitation requires user interaction within a local session, meaning internal systems could be at risk if the tool is in use.

What is the first step to address the CodeWhale vulnerability?

The first practical step is to identify all installations of CodeWhale within your environment. Following this, it is crucial to update CodeWhale to version 0.8.26 or later, as this version contains the fix for the vulnerability.

References

Written by Nicholas Merritt

External-surface CVE analysis and Halo Surface Signal prioritization for Halo Threat Intelligence.