
AIKIDO-2026-11020

@openai/codex is vulnerable to Protection Mechanism Failure

Protection Mechanism Failure Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Yesterday

55

Medium Risk

This Affects:

Ecosystem: JS
Package: @openai/codex
Affected versions: 0.0.0 - 0.135.0
Fixed in 0.136.0

TL;DR

A vulnerability in command-safety classification and in the handling of the local exec-server WebSocket listener could allow unintended code execution or unauthorized local connections under specific conditions. On macOS and Linux, commands that merely looked like PowerShell were routed through the Windows PowerShell parser, which could execute a repository-controlled pwsh binary during safety validation, that is, before the normal sandboxed execution path was reached. An attacker could exploit this by placing a malicious pwsh executable in a path they control and tricking the system into classifying a PowerShell-looking command as safe, at which point the validation step itself runs the binary outside the sandbox. Separately, browser-originated requests to the local exec-server WebSocket listener could reach functionality that should only be accessible to trusted local clients.

Who does this affect?

You are affected if you run any @openai/codex version in the vulnerable range (0.0.0 - 0.135.0). The command-classification issue applies on macOS and Linux hosts, where a PowerShell-looking command could be routed to the Windows PowerShell parser; the WebSocket issue applies wherever the local exec-server listener is reachable by a browser on the same machine.

Background info

@openai/codex is vulnerable to Protection Mechanism Failure (CWE-693) in versions 0.0.0 - 0.135.0: a safety mechanism that should have prevented unsandboxed execution and untrusted local connections could be bypassed under the conditions described above.

How to fix this

Upgrade @openai/codex to version 0.136.0 or later.