CVE-2026-45373 – CodeWhale: SSRF‌ IPV6 bypass

CVE ID :CVE-2026-45373

Published : May 28, 2026, 6:16 p.m. | 15 minutes ago

Description :CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in‌‌ URL‌ as http://[::1], the SSRF defenses do not work. This vulnerability is fixed in 0.8.26.

Severity: 7.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…