PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-61260 OpenAI CVE debrief

A critical vulnerability was identified in OpenAI Codex CLI v0.23.0 and earlier. The vulnerability enables code execution through malicious MCP (Model Context Protocol) configuration files when a user runs the codex command inside a malicious or compromised repository. This vulnerability has a CVSS score of 9.8, indicating a critical severity level. Users of OpenAI Codex CLI, especially those using version 0.23.0 or earlier, should be aware of this vulnerability and take immediate action to secure their environments. The vulnerability allows attackers to embed arbitrary commands that execute immediately.

Vendor
OpenAI
Product
Codex CLI
CVSS
CRITICAL 9.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-04-14
Original CVE updated
2026-07-05
Advisory published
2026-04-14
Advisory updated
2026-07-05

Who should care

Users of OpenAI Codex CLI, especially those using version 0.23.0 or earlier, should be aware of this vulnerability and take immediate action to secure their environments. This includes operators, platform administrators, vulnerability management teams, and security teams who need to assess and mitigate this vulnerability.

Technical summary

The vulnerability is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads project-local .env and .codex/config.toml files without requiring user confirmation, allowing attackers to embed arbitrary commands that execute immediately. The CVSS score for this vulnerability is 9.8, indicating a critical severity level. This vulnerability affects OpenAI Codex CLI version 0.23.0 and earlier, and users should take immediate action to secure their environments.

Defensive priority

High

Recommended defensive actions

  • Immediately update OpenAI Codex CLI to the latest version
  • Use secure repositories and verify the integrity of MCP configuration files
  • Implement additional security measures such as input validation and command execution monitoring
  • Conduct regular security audits and vulnerability assessments
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.

Evidence notes

The vulnerability was reported by Checkpoint. The CVE record was published on 2026-04-14T15:16:24.487Z and last modified on 2026-07-05T02:17:19.160Z. Evidence is limited to public CVE and NVD records. Defenders should verify the integrity of MCP configuration files and implement additional security measures such as input validation and command execution monitoring.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-04-14T15:16:24.487Z and has not been modified since then.