We use cookies to improve your experience on our site.
AVID-2026-R0417
Description
OpenAI Codex CLI MCP Configuration Remote Code Execution
Details
A critical vulnerability exists in OpenAI Codex CLI that allows arbitrary command execution when a user opens a malicious repository. The Model Context Protocol (MCP) server configuration can be defined through a project-level .codex/config.toml file within an untrusted workspace.
References
Affected or Relevant Artifacts
- Developer: OpenAI
- Deployer:
- Artifact Details:
| Type | Name |
|---|---|
| System | Codex CLI |
Impact
- (none)
Other information
- Report Type: Advisory
- Credits: Piotr Ryciak, Mindgard
- Date Reported: 2026-01-19
- Version: 0.3.1
- AVID Entry