OpenAI Codex - Critical Flaw Exposes GitHub Tokens

SCSC Media

Basically, a flaw in OpenAI's Codex could let hackers steal GitHub login tokens.

Quick Summary

OpenAI has fixed a serious flaw in Codex that could allow hackers to steal GitHub tokens. This vulnerability puts user accounts at risk. Immediate action is recommended to secure your GitHub access.

The Flaw

OpenAI recently addressed a critical vulnerability in its Codex tool, which is designed to assist developers by interacting with GitHub repositories. Discovered by BeyondTrust, this flaw could allow attackers to steal GitHub OAuth tokens, which are essential for authenticating users. The vulnerability arises when Codex fails to sanitize the names of GitHub branches, enabling malicious commands to be executed during the cloning process.

When a user runs a prompt against a GitHub repository branch, Codex sets up an environment to handle the request. If the branch name contains malicious bash commands, these can be executed by the container, potentially capturing the user's GitHub token. This token grants high-level permissions, allowing unauthorized access to the user's GitHub account.

What's at Risk

The implications of this vulnerability are significant. An attacker could leverage the stolen token to gain access to sensitive repositories, modify code, or even escalate privileges within shared repositories. BeyondTrust demonstrated this risk through a proof-of-concept attack, which cleverly hid malicious commands in branch names using Unicode characters to bypass GitHub's restrictions. This could lead to severe security breaches if left unaddressed.

Moreover, the vulnerability isn't limited to OAuth tokens. GitHub Installation Access tokens can also be exposed through similar methods, especially when Codex is invoked in comments or pull requests. This broadens the attack surface, making it essential for users to remain vigilant.

Patch Status

After being reported to OpenAI via BugCrowd in December 2025, the company acted quickly. Initial fixes were implemented within a week, and full remediation of the vulnerability was completed by January 2026. OpenAI has classified this vulnerability as critical, emphasizing the need for immediate user action to mitigate risks.

Users are advised to audit the permissions granted to AI coding agents like Codex and to follow the principle of least privilege. Regularly rotating GitHub tokens and monitoring for unusual branch names in shared repositories are also recommended practices.

Immediate Actions

To protect against potential exploitation of this vulnerability, users should take several proactive steps:

  • Audit Permissions: Review and limit the permissions granted to Codex and similar tools.
  • Monitor Repositories: Keep an eye on shared repositories for any suspicious branch names or activity.
  • Rotate Tokens: Regularly change GitHub tokens to minimize the risk of unauthorized access.

By following these guidelines, users can significantly reduce their exposure to this vulnerability and enhance their overall security posture when using AI coding tools.
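The branch-name flaw described under "The Flaw" and the monitoring advice above both come down to treating branch names as untrusted input. The following is an added example, not code from OpenAI, BeyondTrust or the original article: it audits branch names for shell metacharacters and invisible or space-like Unicode, and builds a `git clone` argument list that is meant to be run without a shell. The allow-list pattern, function names and sample names are assumptions of this example.

```python
import re
import unicodedata

# Conservative allow-list for names handed to automation (an assumption of
# this example; stricter than git's own ref-name rules).
SAFE_REF = re.compile(r"[A-Za-z0-9._][A-Za-z0-9._/-]{0,199}")
SHELL_META = set(";|&$`<>(){}[]!*?~#'\"\\")

def audit_branch_name(name: str) -> list[str]:
    """Return the reasons a branch name looks unsafe (empty list = clean)."""
    reasons = []
    if name.startswith("-"):
        reasons.append("leading '-' (could be parsed as an option)")
    meta = sorted(set(name) & SHELL_META)
    if meta:
        reasons.append("shell metacharacters: " + " ".join(meta))
    for ch in name:
        cat = unicodedata.category(ch)
        if cat in ("Cc", "Cf") or cat.startswith("Z"):
            # control, zero-width/format, and space-like separator characters
            reasons.append(f"invisible/space-like U+{ord(ch):04X} ({cat})")
        elif not ch.isascii():
            reasons.append(f"non-ASCII U+{ord(ch):04X} ({cat})")
    if not reasons and not SAFE_REF.fullmatch(name):
        reasons.append("outside the allow-list pattern")
    return reasons

def flag_branches(names: list[str]) -> dict[str, list[str]]:
    """Monitoring helper: map each suspicious branch name to its reasons."""
    return {n: r for n in names if (r := audit_branch_name(n))}

def safe_clone_argv(repo_url: str, branch: str, dest: str) -> list[str]:
    """Validate the branch, then build an argv list to run without a shell."""
    reasons = audit_branch_name(branch)
    if reasons:
        raise ValueError(f"refusing branch {branch!r}: {'; '.join(reasons)}")
    # --branch=<name> keeps the value attached to its option; "--" ends options.
    return ["git", "clone", "--branch=" + branch, "--", repo_url, dest]

# Constructed sample names, not taken from the BeyondTrust proof of concept.
SAMPLES = ["main", "feature/login-form", "fix$(id)", "release\u3000v2", "dev\u200bops"]

if __name__ == "__main__":
    for name, why in flag_branches(SAMPLES).items():
        print(f"{name!r}: {'; '.join(why)}")
```

Feed `flag_branches` the output of a branch listing for shared repositories, and pass the list from `safe_clone_argv` to `subprocess.run` with its default `shell=False` so the name is never interpreted by a shell.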

🔒 Pro insight: This vulnerability highlights the critical need for robust input validation in AI tools to prevent exploitation.

Original article from SCSC Media
