CVE-2026-45311 CodeWhale: run_tests Tool Enables RCE via Malicious Repository Without Approval

CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the runtests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user approval prompt. cargo test compiles and executes arbitrary code: test binaries, build.rs build...

CVE-2026-45311 CodeWhale: run_tests Tool Enables RCE via Malicious Repository Without Approval

CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the runtests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user approval prompt. cargo test compiles and executes arbitrary code: test binaries, build.rs build...

CVE-2026-45311

The CVE concerns the DeepSeek-TUI run_tests tool, where versions 0.3.0–0.8.23 auto-run cargo test without user approval, enabling execution of arbitrary code via test code and build scripts. The root cause is that tests are auto-approved, allowing attacker-controlled test code in a malicious repo...

CodeWhale 代码注入漏洞

CodeWhale is a terminal coding intelligence tool developed by Hunter Bown. Versions of CodeWhale from 0.3.0 to 0.8.23 contain a code injection vulnerability. This vulnerability arises from the runtests tool executing cargo test with ApprovalRequirement::Auto, allowing for the compilation and...

CVE-2026-44723

CVE-2026-44723 affects Vowpal Wabbit. The issue arises in the GitHub workflow .github/workflows/python_checks.yml where the PR title ({{ github.event.pull_request.title }}) is directly embedded inside double-quoted bash strings in four steps across four jobs, passing it as a CLI argument to run_t...

Arbitrary Code Injection

Overview deepseek-tui is an Install and run deepseek and deepseek-tui binaries from GitHub release artifacts. Affected versions of this package are vulnerable to Arbitrary Code Injection via the runtests process. An attacker can execute arbitrary code by introducing malicious test code into a...

DeepSeek TUI: run_tests Tool Enables RCE via Malicious Repository Without Approval

Summary The runtests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user approval prompt. The source code explicitly states this design choice: rust fn approvalrequirement&self - ApprovalRequirement // Tests are encouraged, so avoid gating th...

EUVD-2026-26293

A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function buildproject/runtests of the file src/index.ts of the component MCP Interface. The manipulation of the argument Request results in os command injection. The attack may be launched remotely. The exploit...

CVE-2026-7416

Summary: CVE-2026-7416 affects PolarVista xcode-mcp-server 1.0.0, specifically the MCP Interface’s build_project/run_tests in src/index.ts. The vulnerability arises from manipulating the Request argument, enabling an OS command injection. The advisory notes remote feasibility and public disclosur...

Xcode MCP Server 命令注入漏洞

Xcode MCP Server is an Xcode-integrated context-based protocol server developed by R. Huijts. Version 1.0.0 of Xcode MCP Server contains a command injection vulnerability. This vulnerability arises from the Request operation in the buildproject/runtests function within the src/index.ts file, whic...

CVE-2025-9403 jqlang jq JSON jq_test.c run_jq_tests assertion

A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function runjqtests of the file jqtest.c of the component JSON Parser. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Othe...

CLSA-2025-1738696117 php: Fix of CVE-2024-8929

CVE-2024-8929: fix various heap buffer over-reads for mysqlnd - Modify spec and run-tests.php to fix extension loading during testing...

7.13: Upgrade Confluence to latest Adopt OpenJDK versions 11.0.12

This issue includes running tests against JDK 11 latest11.0.127 and also bundling this JDK in installer...