Critical OpenAI Codex Flaw Exposes GitHub Tokens to Attackers

Critical OpenAI Codex Flaw Exposes GitHub Tokens to Attackers

First seen 1 Apr 2026, 10:00 UTC TechnaduOpentools.AiTech.YahooCybersecuritynews 86% similarity 70.5

Article Content

Browse articles
ThreatCluster

A critical command injection vulnerability in OpenAI's Codex has been discovered, allowing attackers to steal GitHub OAuth tokens from developers. The flaw originated from improper input validation during the branch name processing in Codex's cloud infrastructure. Security researchers from BeyondTrust Phantom Labs identified that malicious actors could inject shell commands via branch names, leading to unauthorized access to sensitive credentials. This vulnerability affected not only the Codex tool but also its command-line interface, SDK, and IDE integrations. OpenAI has since patched the issue, implementing stronger input validation and token controls. The incident highlights the increasing security risks associated with AI coding agents in development environments. Organizations are urged to treat AI execution containers as defined security boundaries and enforce strict access protocols. This incident serves as a cautionary tale regarding the security of AI tools in software development.

Key Points: • OpenAI Codex vulnerability allowed theft of GitHub OAuth tokens through command injection. • The flaw was due to improper input validation in branch name processing. • OpenAI has patched the vulnerability, but risks associated with AI tools remain significant.

ThreatCluster AI

Timeline

2026-03-30
Technadu reports on OpenAI Codex command injection flaw.
2026-03-31
Opentools.Ai highlights the security risks of the Codex vulnerability.
2026-04-01
Tech.Yahoo reports on the critical flaw and OpenAI's patch.

Community

Browse all →