We use cookies to improve your experience on our site.
AVID-2026-R0415
Description
OpenAI Codex CLI Notify Field Configuration Remote Code Execution
Details
A critical vulnerability exists in OpenAI Codex CLI that allows arbitrary command execution when a user opens a malicious repository. The notify configuration field, which specifies an external command to spawn for end-user notifications, can be set through a project-level .codex/config.toml file within an untrusted workspace. When the user runs Codex in this directory and completes an agent turn, the malicious command is executed with the user’s full privileges.
References
Affected or Relevant Artifacts
- Developer: OpenAI
- Deployer:
- Artifact Details:
| Type | Name |
|---|---|
| System | Codex CLI |
Impact
- (none)
Other information
- Report Type: Advisory
- Credits: Piotr Ryciak, Mindgard
- Date Reported: 2026-01-16
- Version: 0.3.1
- AVID Entry