PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45310 Hmbown CVE debrief

A Server-Side Request Forgery (SSRF) vulnerability exists in CodeWhale, a terminal-based coding agent integrating DeepSeek and MiMo. The `fetch_url` tool in versions prior to 0.8.22 performs initial IP address validation against a restricted-IP blocklist to prevent SSRF attacks against internal services such as cloud metadata endpoints, localhost, and private networks. However, the HTTP client (reqwest) is configured to automatically follow up to 5 redirects without re-validating the redirect target against the same SSRF protections. This allows an attacker to bypass the initial IP restriction by providing a URL that redirects to a restricted internal address, potentially enabling unauthorized access to internal services and sensitive metadata. The vulnerability is classified as CWE-918 (Server-Side Request Forgery) and has been assigned a CVSS 3.1 score of 7.4 (HIGH). The issue was disclosed on 2026-05-28 and fixed in version 0.8.22.

Vendor
Hmbown
Product
CodeWhale
CVSS
HIGH 7.4
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-28
Original CVE updated
2026-05-30
Advisory published
2026-05-28
Advisory updated
2026-05-30

Who should care

Organizations running CodeWhale versions prior to 0.8.22, particularly those deploying the tool in cloud environments where metadata endpoints contain sensitive credentials. Security teams responsible for SSRF prevention in applications using HTTP clients with automatic redirect capabilities. Developers building tools that fetch URLs on behalf of users and implement IP-based SSRF protections.

Technical summary

The CodeWhale coding agent's `fetch_url` tool implements SSRF protection through a blocklist check (`is_restricted_ip()`) on the IP address the initial URL resolves to. The underlying HTTP client (reqwest) is built with `reqwest::redirect::Policy::limited(5)`, so it follows up to 5 redirects automatically. The gap is that the check runs once, before the first request, and is never repeated for the target of any redirect; the advisory describes this check-once, follow-many pattern as a time-of-check to time-of-use (TOCTOU) flaw. An attacker therefore supplies a URL whose host resolves to an allowed, public-looking address but answers with an HTTP 3xx pointing at a restricted internal address (for example 169.254.169.254 for cloud metadata, 127.0.0.1 for localhost, or an RFC 1918 private address). reqwest follows that redirect without re-validation, and the response from the internal service is returned to the agent. The page records the fix version (0.8.22) but not the patch itself; the two usual remedies are a custom redirect policy that resolves and validates every hop before following it, or disabling automatic redirects and handling them manually with a per-hop `is_restricted_ip()` check. Either way, the check must be applied to the address the redirect target resolves to, not just to the hostname string, since a redirect to a public-looking name that resolves to an internal address is equivalent to a redirect to the IP literal.
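The following is an added example and not CodeWhale's code or the 0.8.22 patch. It re-creates, in std-only Rust so it runs offline, a blocklist check of the kind the advisory calls `is_restricted_ip()` (the exact ranges CodeWhale blocks are not on the page, so the set below is an assumption) and a redirect-following loop with a switch between the pre-0.8.22 behaviour (one check on the first URL, then up to 5 unchecked redirects) and the hardened behaviour (resolve and re-check every hop). DNS and the network are replaced by constructed lookup tables; `attacker.example`, `docs.example` and the metadata body are made up for the demonstration.

```rust
use std::collections::HashMap;
use std::net::{IpAddr, Ipv4Addr};

/// Illustrative re-creation of a blocklist check like the advisory's `is_restricted_ip()`.
/// The ranges are an assumption: loopback, RFC 1918, link-local (which contains the
/// 169.254.169.254 metadata endpoint), unspecified, broadcast, multicast, and their IPv6
/// counterparts, with IPv4-mapped IPv6 addresses judged by their IPv4 payload.
pub fn is_restricted_ip(ip: IpAddr) -> bool {
    fn v4(a: Ipv4Addr) -> bool {
        a.is_private()          // 10/8, 172.16/12, 192.168/16
            || a.is_loopback()  // 127/8
            || a.is_link_local() // 169.254/16, includes 169.254.169.254
            || a.is_unspecified() // 0.0.0.0
            || a.is_broadcast()
            || a.is_multicast()
    }
    match ip {
        IpAddr::V4(a) => v4(a),
        IpAddr::V6(a) => {
            // ::ffff:127.0.0.1 must be treated as 127.0.0.1, not as an unknown IPv6 address.
            if let Some(mapped) = a.to_ipv4_mapped() {
                return v4(mapped);
            }
            let s0 = a.segments()[0];
            a.is_loopback() || a.is_unspecified() || a.is_multicast()
                || (s0 & 0xfe00) == 0xfc00 // fc00::/7 unique local
                || (s0 & 0xffc0) == 0xfe80 // fe80::/10 link local
        }
    }
}

/// What a simulated host answers: a 3xx Location to another URL, or a final body.
pub enum Reply { Redirect(&'static str), Body(&'static str) }

/// Constructed stand-in for DNS and the network so the example runs offline.
pub struct Net {
    pub dns: HashMap<&'static str, IpAddr>,
    pub hosts: HashMap<&'static str, Reply>,
}

#[derive(Debug, PartialEq)]
pub enum Outcome {
    Blocked { hop: usize, host: String },
    TooManyRedirects,
    Fetched(&'static str),
    Unresolvable(String),
}

/// Minimal host extraction; does not handle bracketed IPv6 literals or userinfo.
fn host_of(url: &str) -> &str {
    let rest = url.split("://").nth(1).unwrap_or(url);
    rest.split(|c| c == '/' || c == ':').next().unwrap_or(rest)
}

/// IP literals resolve to themselves; names go through the constructed table.
fn resolve(net: &Net, host: &str) -> Option<IpAddr> {
    host.parse::<IpAddr>().ok().or_else(|| net.dns.get(host).copied())
}

/// `check_every_hop == false` mirrors the pre-0.8.22 behaviour: the blocklist is consulted
/// for the first URL only and redirects (up to `max_redirects`, like `Policy::limited(5)`)
/// are followed unchecked. `check_every_hop == true` is the hardened variant.
pub fn fetch(net: &Net, start: &str, max_redirects: usize, check_every_hop: bool) -> Outcome {
    let mut url = start.to_string();
    for hop in 0..=max_redirects {
        let host = host_of(&url).to_string();
        if hop == 0 || check_every_hop {
            match resolve(net, &host) {
                None => return Outcome::Unresolvable(host),
                Some(ip) if is_restricted_ip(ip) => return Outcome::Blocked { hop, host },
                Some(_) => {}
            }
        }
        match net.hosts.get(host.as_str()) {
            Some(Reply::Body(b)) => return Outcome::Fetched(*b),
            Some(Reply::Redirect(next)) => url = (*next).to_string(),
            None => return Outcome::Unresolvable(host),
        }
    }
    Outcome::TooManyRedirects
}

/// Constructed scenario: a public-looking host that redirects to the metadata endpoint.
pub fn demo_net() -> Net {
    let mut dns = HashMap::new();
    dns.insert("attacker.example", "203.0.113.10".parse().unwrap()); // TEST-NET-3, passes the check
    dns.insert("docs.example", "198.51.100.7".parse().unwrap());
    let mut hosts = HashMap::new();
    hosts.insert("attacker.example", Reply::Redirect("http://169.254.169.254/latest/meta-data/"));
    hosts.insert("169.254.169.254", Reply::Body("constructed metadata: instance-id=i-0000"));
    hosts.insert("docs.example", Reply::Body("constructed public page"));
    Net { dns, hosts }
}

fn main() {
    let net = demo_net();
    println!("vulnerable: {:?}", fetch(&net, "http://attacker.example/go", 5, false));
    println!("hardened:   {:?}", fetch(&net, "http://attacker.example/go", 5, true));
    println!("benign:     {:?}", fetch(&net, "http://docs.example/", 5, true));
}
```

In a real reqwest client the per-hop check belongs in `reqwest::redirect::Policy::custom`, whose closure receives each `Attempt`: read `attempt.url().host_str()`, resolve it, run every returned address through the blocklist, and return `attempt.follow()` only if all pass (otherwise `attempt.stop()` or `attempt.error(..)`). That closure is synchronous, so resolving inside it blocks the runtime; the alternative is `Policy::none()` with a manual loop like `fetch` above. Whichever form is used, checking the resolved address at redirect time and then letting the client resolve the name again for the actual connection leaves a gap between check and connect; pinning the vetted address (reqwest's `ClientBuilder::resolve`) closes it. That last point is a general SSRF-hardening caveat, not something the advisory says about CodeWhale.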

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade CodeWhale to version 0.8.22 or later to remediate the SSRF bypass vulnerability
  • Review and audit any custom HTTP client configurations in applications using reqwest or similar libraries to ensure that every redirect hop, not just the initial URL, is resolved and validated against the SSRF blocklist before it is followed
  • Implement defense-in-depth by deploying network-level egress filtering to block outbound connections from application servers to cloud metadata endpoints (169.254.169.254), loopback and private IP ranges, so a client-side bypass alone does not reach them
  • Monitor application logs for suspicious URL fetch patterns that may indicate SSRF exploitation attempts, particularly fetches that redirect to link-local, loopback or private addresses, and correlate them with egress or metadata-service access logs
  • Conduct security reviews of any tools or agents that perform URL fetching on behalf of users to ensure comprehensive SSRF protection across the entire request lifecycle

Evidence notes

The vulnerability description is derived from the official CVE record and NVD entry. The fix version 0.8.22 is confirmed by the GitHub security advisory and release tag. The CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N indicates network attack vector, low attack complexity, no privileges required, user interaction required (the agent must be directed to fetch the attacker-controlled URL), changed scope (the impact lands on internal services beyond the vulnerable component), high confidentiality impact, and no integrity or availability impact; these metrics compute to the stated base score of 7.4.

Official resources

2026-05-28T18:16:35.037Z