{"data":{"id":"4b55ad9d-6cea-4ae9-8ccc-bf737cf832c0","title":"CVE-2026-14898: The OpenAI Codex desktop app for macOS rendered remote images from Markdown in model responses. An attacker who could pl","summary":"The OpenAI Codex desktop app for macOS had a security flaw where it automatically loaded remote images from AI responses without user confirmation. An attacker could use indirect prompt injection (tricking the AI by hiding instructions in untrusted input like tool results) to make the app fetch images containing sensitive data like API keys or source code, secretly sending that information to the attacker's server.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-14898","publishedAt":"2026-07-06T20:16:30.580Z","cveId":"CVE-2026-14898","cweIds":["CWE-200"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection","data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["OpenAI"],"affectedVendorsRaw":["OpenAI","Codex"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-07-06T20:16:30.580Z","capecIds":["CAPEC-116"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":["AML.T0051"]}}