GHSA-wx44-2q6h-j6p8: DeepSeek TUI: run_tests Tool Enables RCE via Malicious Repository Without Approval
Summary
DeepSeek TUI's `run_tests` tool runs without user approval (it has `ApprovalRequirement::Auto`), which allows arbitrary code execution through test files and build scripts in a repository. An attacker can create a malicious repository with hidden commands in test code and an `AGENTS.md` file (prompt injection, where hidden instructions are placed in input meant for an AI) that tricks the AI model into running tests automatically on startup, executing the attacker's code with zero user confirmation.
Solution / Mitigation
Change `run_tests` to require approval by modifying the approval requirement function: `fn approval_requirement(&self) -> ApprovalRequirement { ApprovalRequirement::Required }`. This matches the approval gate used by `exec_shell` (a tool for running shell commands), so users will see a prompt before tests run, though they can still approve it quickly.
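The effect of that one-line change can be shown on a simplified model of an approval gate, together with a policy check that would flag the same class of mistake in a unit test. This is an added example, not DeepSeek TUI's code: only `ApprovalRequirement::Auto`, `ApprovalRequirement::Required`, `approval_requirement`, `run_tests` and `exec_shell` come from the advisory. The `Tool` struct, `Outcome`, `dispatch`, `ungated_exec_tools`, `registry`, the `executes_repo_code` flag and the `read_file` tool are assumptions made for illustration.

```rust
// Simplified model for illustration; not DeepSeek TUI's actual code.
// Everything except the names quoted from the advisory is hypothetical.
#[derive(Clone, Copy, PartialEq, Debug)]
enum ApprovalRequirement { Auto, Required }
#[derive(PartialEq, Debug)]
enum Outcome { Executed, Denied }

struct Tool {
    name: &'static str,
    approval: ApprovalRequirement,
    // Hypothetical flag: the tool runs code stored in the workspace (tests, build scripts).
    executes_repo_code: bool,
}

impl Tool {
    fn approval_requirement(&self) -> ApprovalRequirement { self.approval }
}

// Gate applied to every model-requested tool call; an Auto tool never prompts.
fn dispatch(tool: &Tool, user_approved: bool) -> Outcome {
    match tool.approval_requirement() {
        ApprovalRequirement::Auto => Outcome::Executed,
        ApprovalRequirement::Required if user_approved => Outcome::Executed,
        ApprovalRequirement::Required => Outcome::Denied,
    }
}

// Policy audit: tools that can execute repository-controlled code yet skip the prompt.
fn ungated_exec_tools(tools: &[Tool]) -> Vec<&'static str> {
    tools.iter()
        .filter(|t| t.executes_repo_code && t.approval_requirement() == ApprovalRequirement::Auto)
        .map(|t| t.name)
        .collect()
}

// Constructed tool registry; the argument selects run_tests' setting (before/after the fix).
fn registry(run_tests: ApprovalRequirement) -> Vec<Tool> {
    vec![
        Tool { name: "read_file", approval: ApprovalRequirement::Auto, executes_repo_code: false },
        Tool { name: "exec_shell", approval: ApprovalRequirement::Required, executes_repo_code: true },
        Tool { name: "run_tests", approval: run_tests, executes_repo_code: true },
    ]
}

fn main() {
    for req in [ApprovalRequirement::Auto, ApprovalRequirement::Required] {
        let tools = registry(req);
        println!("{:?}: ungated={:?}, unprompted run_tests={:?}", req, ungated_exec_tools(&tools), dispatch(&tools[2], false));
    }
}
```

With `run_tests` set to `Auto`, the audit reports it and an unprompted call executes; with `Required`, the audit list is empty and the same call is denied until the user approves.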
Vulnerability Details
EPSS: 0.0%
Yes
May 14, 2026
Original source: https://github.com/advisories/GHSA-wx44-2q6h-j6p8
First tracked: May 14, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%