CVE-2025-61260: A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP
Summary
A vulnerability in OpenAI Codex CLI v0.23.0 and earlier allows attackers to execute arbitrary code by creating malicious configuration files (.env and .codex/config.toml) in a repository. When a user runs the codex command in a compromised repository, the tool automatically loads these files without asking for permission, triggering the attacker's embedded commands.
Vulnerability Details
EPSS: 0.0%
April 14, 2026
Classification
Taxonomy References
Affected Vendors
Related Issues
CVE-2026-63086: text-generation-inference through 3.3.7 contains a server-side request forgery (SSRF) vulnerability in the OpenAI-compat
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-61260
First tracked: April 14, 2026 at 02:07 PM
Classified by LLM (prompt v3) · confidence: 92%