{"data":{"id":"6349c628-964f-4419-83c9-562e8fdcd3ef","title":"GHSA-wx44-2q6h-j6p8: DeepSeek TUI: run_tests Tool Enables RCE via Malicious Repository Without Approval","summary":"DeepSeek TUI's `run_tests` tool runs without user approval (it has `ApprovalRequirement::Auto`), which allows arbitrary code execution through test files and build scripts in a repository. An attacker can create a malicious repository with hidden commands in test code and an `AGENTS.md` file that carries a prompt injection (hidden instructions placed in input meant for an AI), tricking the AI model into running tests automatically on startup and executing the attacker's code with zero user confirmation.","solution":"Upgrade `deepseek-tui` and `deepseek-tui-cli` to the fixed version, 0.8.23, or later. The recommended code change is to make `run_tests` require approval by modifying the approval requirement function: `fn approval_requirement(&self) -> ApprovalRequirement { ApprovalRequirement::Required }`. This matches the approval gate used by `exec_shell` (a tool for running shell commands), so users will see a prompt before tests run, though they can still approve it quickly; the prompt therefore protects only if the repository's test files and build scripts are reviewed before approving.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-wx44-2q6h-j6p8","publishedAt":"2026-05-14T20:29:33.000Z","cveId":"CVE-2026-45311","cweIds":null,"cvssScore":null,"cvssSeverity":"critical","severity":"critical","attackType":["prompt_injection","supply_chain"],"issueType":"vulnerability","affectedPackages":["deepseek-tui@>= 0.3.0, < 0.8.23 (fixed: 0.8.23)","deepseek-tui-cli@>= 0.3.0, < 0.8.23 (fixed: 0.8.23)","deepseek-tui@>= 0.3.0, < 0.8.23 (fixed: 0.8.23)"],"affectedVendors":[],"affectedVendorsRaw":["DeepSeek","DeepSeek-TUI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-05-14T20:29:33.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}