Summary
Key Points:
- OpenAI Codex is affected by a critical sandbox escape vulnerability (CVE-2026-305) that allows remote attackers to execute arbitrary code.
- The vulnerability has a CVSS score of 8.6, indicating high severity. Exploitation requires user interaction: the victim must process malicious JavaScript within Codex.
- It is recommended to restrict interaction with the Codex product until a patch is released.
Technical Details: The vulnerability exists due to improper isolation within the JavaScript execution environment of OpenAI Codex, allowing attackers to bypass the sandbox and execute code in the context of the current user.
MITRE ATT&CK Techniques: None mentioned
IOCs Mentioned: None mentioned