Remote Image Exfiltration Vulnerability in OpenAI Codex for macOS
CVE-2026-14898
Currently unrated
What is CVE-2026-14898?
The OpenAI Codex desktop application for macOS is susceptible to a vulnerability that allows remote images to be rendered from Markdown within model responses. This could enable an attacker to insert indirect prompt injections through untrusted content, prompting the Codex model to generate a remote image URL that may contain sensitive information. When the model fetches this URL, it inadvertently sends confidential data, such as API keys and source code, to an external server. This vulnerability raises significant privacy concerns due to the potential unintentional exfiltration of valuable data without any user interaction required.
Affected Version(s)
Codex desktop app for macOS 0 < 26.527.31326
