OpenAI Codex CLI MCP Configuration Remote Code Execution

Affected Vendor(s)

OpenAI

Affected Product(s)

Codex CLI

Summary

A critical vulnerability exists in OpenAI Codex CLI that allows arbitrary command execution when a user opens a malicious repository. The Model Context Protocol (MCP) server configuration can be defined through a project-level .codex/config.toml file within an untrusted workspace.

Timeline

Discovered on
January 19, 2026
Disclosed to Vendor on
January 19, 2026
Published on
January 20, 2026

Credit

Piotr Ryciak

Blog Post

References

Codex CLI Pull Request

Start Securing Your AI Systems

See how Mindgard exposes and fixes exploitable AI risk across your AI agents and systems.

Book a Demo

Mindgard, the leading provider of AI security solutions, helps enterprises discover, assess, and defend their AI systems. Spun out from over a decade of AI security research at Lancaster University and headquartered in Boston and London, Mindgard combines AI red teaming with offensive security expertise and AI research to identify exploitable vulnerabilities in AI models, agents, and applications before attackers do.

AICPA SOC SOC 2 Type 2 Compliant
HomeAI Recon & DiscoveryAI Security and Safety AssessmentAI Runtime ProtectionAI Red TeamingOffensive AI SecurityCompare AI Security SolutionsAI Governance & ComplianceContact UsBook a Demo
DocsResourcesBlogDisclosuresCustomersAboutServicesCareersTerms & ConditionsPrivacy Policy