PatchSiren cyber security CVE debrief
CVE-2026-14898 OpenAI CVE debrief
The OpenAI Codex desktop app for macOS is vulnerable to a remote image URL exfiltration attack. An attacker can induce the model to construct a remote image URL containing sensitive data, which the app automatically fetches and sends to an attacker-controlled server. This vulnerability has a CVSS score of 6.5 and a severity of MEDIUM. The app's rendering of remote images from Markdown in model responses allows an attacker to place an indirect prompt injection in content processed by Codex.
- Vendor
- OpenAI
- Product
- Codex desktop app for macOS
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-06
- Original CVE updated
- 2026-07-07
- Advisory published
- 2026-07-06
- Advisory updated
- 2026-07-07
Who should care
Users of the OpenAI Codex desktop app for macOS, especially those with access to sensitive information, should be aware of this vulnerability and take necessary precautions. This includes inventorying and assessing the use of OpenAI Codex desktop app for macOS within their organization, restricting access to sensitive information and API keys within Codex sessions, and implementing monitoring to detect and respond to potential exploitation attempts.
Technical summary
The OpenAI Codex desktop app for macOS renders remote images from Markdown in model responses. An attacker can place an indirect prompt injection in content processed by Codex, inducing the model to construct a remote image URL containing sensitive data. The app automatically fetches this URL, sending the embedded data to an attacker-controlled server without a separate user click. Successful exploitation could exfiltrate secrets and other information accessible in the Codex session, including API keys, source code, and data returned by connected tools. No direct integrity or availability impact was demonstrated.
Defensive priority
Medium
Recommended defensive actions
- Inventory and assess the use of OpenAI Codex desktop app for macOS within your organization.
- Restrict access to sensitive information and API keys within Codex sessions.
- Implement monitoring to detect and respond to potential exploitation attempts.
- Apply vendor remediation as available.
- Consider compensating controls, such as network monitoring and filtering.
- Review relevant logs for exposed assets that need extra review.
- Track exceptions and retest remediated assets.
Evidence notes
The CVE record was published on 2026-07-06T20:16:30.580Z and last modified on 2026-07-07T16:16:37.877Z. The NVD entry is currently Awaiting Analysis. This vulnerability affects the OpenAI Codex desktop app for macOS, which renders remote images from Markdown in model responses. An attacker can place an indirect prompt injection in content processed by Codex, inducing the model to construct a remote image URL containing sensitive data. The app automatically fetches this URL, sending the embedded data to an attacker-controlled server without a separate user click. Successful exploitation could exfiltrate secrets and other information accessible in the Codex session, including API keys, source code, and data returned by connected tools.
Official resources
-
CVE-2026-14898 CVE record
CVE.org
-
CVE-2026-14898 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
8f4f43ab-ba69-4d92-aa1d-d772184d6fb7
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-06T20:16:30.580Z and has not been modified since then. The NVD entry is currently Awaiting Analysis.