This vulnerability (ZDI-26-305) affects OpenAI Codex installations where the sandbox can be bypassed due to insufficient isolation in the JavaScript execution environment. Remote attackers can exploit this by tricking users into processing malicious JavaScript repositories, leading to code execution in the user's context. The issue was reported to OpenAI in February 2026, with the vendor reproducing the behavior but rejecting it as out of scope for their bug bounty and stating it is not part of the default Codex product surface. No patch or official fix has been released, and the vendor has not committed to a remediation timeline. The Zero Day Initiative published the advisory in April 2026, assigning a CVSS score of 8.6.

Successful exploitation allows remote attackers to escape the sandbox environment in OpenAI Codex and execute arbitrary code with the privileges of the current user. This can lead to full compromise of the user's environment where Codex is running. User interaction is required, as the target must process a repository containing malicious JavaScript. There are no known exploits in the wild at the time of advisory publication. The vendor has not provided an official fix or patch.

No official patch or fix is currently available. The vendor has indicated the vulnerability is not in the default Codex product surface and has not accepted it under their bug bounty program. The primary mitigation is to restrict or avoid interaction with the affected Codex installations, especially avoiding processing untrusted or malicious JavaScript repositories. Monitor vendor advisories for any future updates regarding remediation.