Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Critical OpenAI Codex macOS App Bug Lets Attackers Inject Indirect Prompts
July 7, 2026
Microsoft Teams Vulnerability Lets Attackers Install RMM Tools and EtherRAT
July 7, 2026
Cavern Manticore Exploits SysAid RMM and WinDirStat DLL Sideloading for C2 Deployment
July 7, 2026
Home/CyberSecurity News/Critical OpenAI Codex macOS App Bug Lets Attackers Inject Indirect Prompts
CyberSecurity News

Critical OpenAI Codex macOS App Bug Lets Attackers Inject Indirect Prompts

Key Takeaways A critical vulnerability, CVE-2026-14898, has been identified in the OpenAI Codex desktop application for macOS. The flaw enables indirect prompt injection attacks, leading to the...

Emy Elsamnoudy
Emy Elsamnoudy
July 7, 2026 3 Min Read
2 0

Key Takeaways

  • A critical vulnerability, CVE-2026-14898, has been identified in the OpenAI Codex desktop application for macOS.
  • The flaw enables indirect prompt injection attacks, leading to the unauthorized exfiltration of sensitive data.
  • The vulnerability exploits the application’s automatic rendering of remote images embedded within Markdown content from model responses.
  • Affected users are currently without a patch, and no specific vulnerable versions have been disclosed.

OpenAI Codex macOS App Vulnerability Exposes Sensitive Data

A significant security flaw has been discovered in the OpenAI Codex desktop application for macOS, potentially allowing attackers to leverage indirect prompt injection techniques to extract confidential information. This vulnerability, tracked as CVE-2026-14898, stems from the application’s handling of Markdown content generated by its underlying AI model.

Table Of Content

  • Key Takeaways
  • OpenAI Codex macOS App Vulnerability Exposes Sensitive Data
  • How the Attack Works
  • Stealthy Data Exfiltration Channel
  • Broader Implications for AI Security
  • What You Should Do

How the Attack Works

The core of the problem lies in the Codex app’s tendency to automatically render remote images embedded within Markdown outputs, without requiring explicit user consent or interaction. This behavior creates an unforeseen pathway for data exposure when combined with a sophisticated prompt injection attack. Threat actors can craft malicious input that subtly manipulates the AI model’s response.

Should the Codex application process untrusted content, an attacker can utilize indirect prompts to instruct the model to generate remote image URLs. These URLs are specifically designed to embed sensitive data as parameters. When the Codex desktop app subsequently renders this response, it silently fetches the remote image from a server controlled by the attacker. During this retrieval, any sensitive data encoded in the URL parameters is transmitted to the attacker’s server, effectively leaking confidential information without the user’s knowledge.

Stealthy Data Exfiltration Channel

This attack vector is particularly concerning due to its stealthy nature. Unlike many other vulnerabilities, it does not require the user to click a suspicious link, open an attachment, or approve any requests. The entire process of image retrieval and data transmission occurs silently in the background, making it difficult for users to detect. This introduces an insidious channel for data exfiltration.

According to the GitHub Advisory, the types of data at risk could include critical assets such as API keys, proprietary source code, or other information accessed via integrated tools within the Codex session. Given that Codex is frequently deployed in development environments that handle sensitive code repositories and credentials, the real-world implications of such a breach could be substantial.

Broader Implications for AI Security

The vulnerability is categorized under CWE–200, which denotes the exposure of sensitive information to unauthorized entities. While a formal CVSS score has not yet been assigned, the nature of the flaw clearly indicates a significant confidentiality risk, especially in environments where Codex interfaces with privileged systems or critical development workflows. As of the current disclosure, no patched versions have been identified, and the specific range of affected versions remains undefined. Furthermore, there is no evidence suggesting active exploitation in the wild at this time. However, the absence of available fixes and the escalating focus on prompt injection attacks in AI systems underscore the urgency for security teams to address this vulnerability.

This incident highlights a growing challenge in securing AI-powered applications. Unlike traditional software vulnerabilities, prompt injection attacks exploit the complex interplay between user input, the AI model’s behavior, and the application’s logic. In this specific scenario, the combination of automatic content rendering and AI-generated outputs inadvertently creates a new attack surface. For instance, a developer using Codex to analyze system logs or retrieve data from an external API could inadvertently process attacker-controlled input. If this input contains a hidden prompt injection, the model might generate a response featuring a malicious image URL that silently carries sensitive session data, leading to its automatic transmission.

What You Should Do

  • Until a patch is released, exercise extreme caution when processing untrusted content or input within the OpenAI Codex macOS application.
  • Review how AI-generated outputs are rendered within the application and consider disabling automatic fetching of remote resources if such an option is available.
  • Implement robust monitoring of outbound network requests from the Codex application to detect unusual data transmissions.
  • Isolate sensitive data and credentials from environments where Codex is used, limiting its access to critical systems and information.
  • Stay informed about official updates from OpenAI regarding this vulnerability and apply patches immediately upon availability.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEExploitPatchSecurityThreatVulnerability

Share Article

Emy Elsamnoudy

Emy Elsamnoudy

Emy is a cybersecurity analyst and reporter specializing in threat hunting, defense strategies, and industry trends. With expertise in proactive security measures, Emily covers the tools and techniques organizations use to detect and prevent cyber attacks. She is a regular speaker at security conferences and has contributed to industry reports on threat intelligence and security operations. Emily's reporting focuses on helping organizations improve their security posture through practical, actionable insights.

Previous Post

Microsoft Teams Vulnerability Lets Attackers Install RMM Tools and EtherRAT

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical BeyondTrust Vulnerabilities Allow Access Control Bypass
July 7, 2026
Windows Device ID Used to Apprehend Scattered Spider Cybercriminal
July 7, 2026
Critical fast-mcp-telegram CVE-2023-4589 lets attackers access sensitive files
July 7, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
David kimber
David kimber
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us