@openai/codex is vulnerable to Incorrect Permission Assignment for Critical Resource
Low Risk
Affected versions of this package are vulnerable to Sandbox Escape due to Improper Mount Restrictions. The Landlock sandbox fails to apply read-only mounts for sensitive paths, such as .git/, before enabling the Landlock rules, so those paths remain writable whenever the repository root is accessible. An attacker could exploit this by writing malicious configuration or hooks into the .git directory from within the sandbox, potentially leading to code execution or repository compromise when those hooks are triggered. The intended isolation is bypassed because the sandbox's mount restrictions are applied too late in the initialization sequence.
You are affected if you are using a version that falls within the vulnerable range and if you are running the package in a UNIX environment.
@openai/codex is vulnerable to Incorrect Permission Assignment for Critical Resource in versions 0.1.0 - 0.80.0.
Upgrade the @openai/codex library to a patched version.
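As an added defender-side check (illustration, not code from @openai/codex): a post-condition probe that a sandbox should pass before the agent is allowed to run, confirming that the repository's .git directory, its config and its hooks are not writable from inside the sandbox. The demo repository layout and the chmod-based "sealing" are constructed stand-ins for the real read-only mount, so the probe can be exercised offline.

```python
import errno
import os
import tempfile
import uuid

# Under .git, these are the paths whose writability matters most: hooks run
# on the next git operation, config controls how git behaves.
SENSITIVE_GIT_PATHS = ("config", "hooks")

def _probe_write(path: str) -> bool:
    """True if this process can write PATH. A directory is probed by creating and
    removing a uniquely named file; a file by opening it for append (no bytes written)."""
    try:
        if os.path.isdir(path):
            probe = os.path.join(path, ".probe-" + uuid.uuid4().hex)
            os.close(os.open(probe, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600))
            os.unlink(probe)
        else:
            os.close(os.open(path, os.O_WRONLY | os.O_APPEND))
        return True
    except OSError as exc:
        if exc.errno in (errno.EACCES, errno.EPERM, errno.EROFS):
            return False  # denied by mode bits, a read-only mount, or Landlock
        raise

def writable_git_paths(repo_root: str) -> list:
    """Return the sensitive .git paths under REPO_ROOT that are still writable.
    A sealed sandbox must yield []; any entry means the restriction is missing or late."""
    git_dir = os.path.join(repo_root, ".git")
    candidates = [git_dir] + [os.path.join(git_dir, p) for p in SENSITIVE_GIT_PATHS]
    return [p for p in candidates if os.path.exists(p) and _probe_write(p)]

def make_demo_repo() -> str:
    """Constructed throw-away repository layout (.git/config, .git/hooks) in a temp
    dir; returns the repo root. Demo data, not a real repository."""
    root = tempfile.mkdtemp(prefix="git-seal-demo-")
    git_dir = os.path.join(root, ".git")
    os.makedirs(os.path.join(git_dir, "hooks"))
    with open(os.path.join(git_dir, "config"), "w") as cfg:
        cfg.write("[core]\n\trepositoryformatversion = 0\n")
    return root

def seal_with_mode_bits(repo_root: str) -> bool:
    """Stand-in for a read-only mount in this demo: drop the write bits on the
    sensitive paths. Returns False when running as root, which ignores mode bits."""
    git_dir = os.path.join(repo_root, ".git")
    os.chmod(os.path.join(git_dir, "config"), 0o444)
    os.chmod(os.path.join(git_dir, "hooks"), 0o555)
    os.chmod(git_dir, 0o555)
    return os.geteuid() != 0
```

Run the probe as the sandboxed user after the sandbox's mount and Landlock setup has completed; a non-empty result is the condition this advisory describes.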