4 matches found
CVE-2026-45310
CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.22, the fetchurl tool validates the initial URL's resolved IP address against a restricted-IP blocklist isrestrictedip to prevent SSRF attacks against internal services cloud metadata endpoints, localhost, private networks...
CVE-2026-45310 CodeWhale: SSRF via HTTP Redirect Bypass in fetch_url Tool
CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.22, the fetchurl tool validates the initial URL's resolved IP address against a restricted-IP blocklist isrestrictedip to prevent SSRF attacks against internal services cloud metadata endpoints, localhost, private networks...
CVE-2026-45310
CVE-2026-45310 describes an SSRF via HTTP redirect bypass in CodeWhale’s fetch_url tool (DeepSeek TUI). Before version 0.8.22, fetch_url validates the initial URL against a restricted-IP blocklist, but the HTTP client follows up to 5 redirects without re-validating the redirect targets, potential...
EUVD-2026-32964
CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.22, the fetchurl tool validates the initial URL's resolved IP address against a restricted-IP blocklist isrestrictedip to prevent SSRF attacks against internal services cloud metadata endpoints, localhost, private networks...