OpenAI's Codex CLI is vulnerable to command injection via project-local configuration.
https://thehackernews.com/2025/12/researchers-uncover-30-flaws-in-ai.html
https://www.databreachtoday.com/codex-bug-let-repo-files-execute-hidden-commands-a-30186
https://www.securityweek.com/vulnerability-in-openai-coding-agent-could-facilitate-attacks-on-developers/
https://research.checkpoint.com/2025/openai-codex-cli-command-injection-vulnerability/
Source: MITRE, NVD
Published: 2025-12-12