CVE-2026-45374 Hmbown CVE debrief

Who should care

Organizations and developers using CodeWhale terminal coding agents for automated development workflows, particularly those operating in multi-tenant or sensitive environments where unapproved shell execution poses significant risk.

Technical summary

The task_create tool in CodeWhale < 0.8.26 spawns sub-agents with allow_shell=true and auto_approve=true by default. User approval of the parent task_create call—gated by ApprovalRequirement::Required—is insufficient to prevent unauthorized shell access in spawned sub-agents, resulting in critical authorization bypass.

Defensive priority

CRITICAL

Recommended defensive actions

• Upgrade CodeWhale to version 0.8.26 or later to remediate the insecure default configuration in task_create sub-agents
• Review any existing task_create sub-agents spawned prior to upgrade for unauthorized shell activity
• Audit task configurations to verify allow_shell and auto_approve are explicitly set to false where shell access is not required
• Implement additional approval workflows for sub-agent creation if application architecture permits
• Monitor for anomalous shell execution patterns in environments where CodeWhale agents operate

Evidence notes

Vulnerability description sourced from official CVE record and NVD entry. Code locations (config.rs:1499, task_manager.rs:297) and default values (allow_shell.unwrap_or(true), auto_approve: Some(true)) cited from CVE description. Fix version 0.8.26 confirmed via GitHub release reference. CVSS 9.6 (Critical) reflects network attack vector, low complexity, no privileges required, user interaction required, changed scope, and high impact across confidentiality, integrity, and availability. CWE-94 (Improper Control of Generation of Code) identified as primary weakness.

Official resources