Information disclosure in Openai Codex Desktop App For Macos

CVE-2026-14898

The OpenAI Codex desktop app for macOS rendered remote images from Markdown in model responses. An attacker who could place an indirect prompt injection in content processed by Codex, such as a connected-tool result or another untrusted so…

Vulnerability class: Information Disclosure

Affected products

Weakness classification (CWE)

References