New OpenAI Codex macOS Vulnerability Enables Stealthy Data Exfiltration
A recently disclosed vulnerability in the OpenAI Codex desktop application for macOS (tracked as CVE-2026-14898) allows attackers to exploit indirect prompt injection techniques to silently exfiltrate sensitive data. The flaw stems from the app’s handling of Markdown content in AI-generated responses, specifically its automatic rendering of remote images without user interaction.
When Codex processes untrusted input, attackers can craft malicious prompts that manipulate the model into generating responses containing remote image URLs with embedded sensitive data. As the app fetches these images, the data such as API keys, proprietary code, or session information is transmitted to an attacker-controlled server, all without the user’s knowledge.
This attack is particularly concerning because it requires no direct user action no clicks or approvals making it a stealthy data exfiltration channel. The vulnerability is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) and poses a significant confidentiality risk, especially in development environments where Codex integrates with privileged systems.
As of disclosure, no patches or affected version details have been released, and there is no evidence of active exploitation. However, the flaw underscores broader security challenges in AI-powered applications, where the interaction between user input, model behavior, and application logic creates new attack surfaces. Security teams are advised to monitor for updates and assess potential exposure in their environments.
Source: https://cybersecuritynews.com/codex-desktop-app-for-macos-vulnerability/
OpenAI TPRM report: https://www.rankiteo.com/company/openai
"id": "ope1783419841",
"linkid": "openai",
"type": "Vulnerability",
"date": "7/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Artificial Intelligence',
'name': 'OpenAI',
'type': 'Technology Company'}],
'attack_vector': 'Indirect Prompt Injection',
'data_breach': {'data_exfiltration': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Sensitive information (API keys, '
'proprietary code, session '
'information)'},
'description': 'A recently disclosed vulnerability in the OpenAI Codex '
'desktop application for macOS (tracked as CVE-2026-14898) '
'allows attackers to exploit indirect prompt injection '
'techniques to silently exfiltrate sensitive data. The flaw '
'stems from the app’s handling of Markdown content in '
'AI-generated responses, specifically its automatic rendering '
'of remote images without user interaction. When Codex '
'processes untrusted input, attackers can craft malicious '
'prompts that manipulate the model into generating responses '
'containing remote image URLs with embedded sensitive data. As '
'the app fetches these images, the data such as API keys, '
'proprietary code, or session information is transmitted to an '
'attacker-controlled server, all without the user’s knowledge.',
'impact': {'data_compromised': 'API keys, proprietary code, session '
'information',
'systems_affected': 'OpenAI Codex desktop application for macOS'},
'post_incident_analysis': {'root_causes': 'Flaw in handling Markdown content '
'and automatic rendering of remote '
'images in OpenAI Codex for macOS'},
'recommendations': 'Monitor for updates and assess potential exposure in '
'environments where OpenAI Codex is used.',
'references': [{'source': 'Incident Description'}],
'title': 'New OpenAI Codex macOS Vulnerability Enables Stealthy Data '
'Exfiltration',
'type': 'Data Exfiltration',
'vulnerability_exploited': 'CVE-2026-14898 (CWE-200: Exposure of Sensitive '
'Information to an Unauthorized Actor)'}