VBS-2026-0014 | HIGH | CVSS 8.8 | CWE-77

Codex cloud branch-name command injection risk

Research described command-injection risk when untrusted branch/ref metadata was consumed by cloud agent workflows, with potential token theft impact.

Published
2026-03-27
Discovered By
BeyondTrust Labs
CVSS Score
8.8 / 10
Affected AI Platforms
Codex
Affected Tech Stack
Branch/ref metadata, Cloud task creation, Shell command construction
Remediation

Treat branch names as hostile input, enforce strict allowlists, and minimize token scope/lifetime for agent tasks.
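The remediation above amounts to two controls in code: accept branch/ref names only if they match a strict allowlist, and never splice them into a shell string. The following is an added example of both controls (not code from the page, from Codex, or from PolyDefender); the allowlist pattern, the `MAX_BRANCH_LEN` limit and the function names are assumptions chosen for illustration, and the rejected sample names are constructed.

```python
import re
import subprocess
from typing import List, Optional

# Conservative allowlist for branch/ref names consumed by a cloud agent task.
# git itself accepts a much wider character set (see `git check-ref-format`),
# but for names that end up in process arguments we deliberately accept only
# path segments of [A-Za-z0-9._-] joined by '/'. Anything else is rejected
# outright rather than escaped.
_SEGMENT = r"[A-Za-z0-9][A-Za-z0-9._-]*"
_BRANCH_RE = re.compile(rf"^{_SEGMENT}(/{_SEGMENT})*$")
MAX_BRANCH_LEN = 255  # assumed limit for this example


def validate_branch_name(name: str) -> Optional[str]:
    """Return the name unchanged if it passes the allowlist, otherwise None."""
    if not name or len(name) > MAX_BRANCH_LEN:
        return None
    if not _BRANCH_RE.fullmatch(name):
        return None
    # Belt-and-braces checks for git-special sequences. A leading '-' is
    # already excluded by the regex, so a name can never be parsed as an option.
    if ".." in name or name.endswith(".lock") or name.startswith("-"):
        return None
    return name


def build_task_commands(branch: str) -> List[List[str]]:
    """Build argv lists for the fetch/checkout steps of an agent task.

    The commands are argv lists, so no shell ever interprets the branch name.
    The fetch refspec is fully qualified (refs/heads/...), which also prevents
    the name from being read as an option by git.
    """
    safe = validate_branch_name(branch)
    if safe is None:
        raise ValueError(f"branch name rejected by allowlist: {branch!r}")
    return [
        ["git", "fetch", "origin", f"refs/heads/{safe}"],
        ["git", "checkout", safe],
    ]


def run_task_checkout(branch: str, repo_dir: str) -> None:
    """Execute the validated commands with shell=False (the default)."""
    for argv in build_task_commands(branch):
        subprocess.run(argv, cwd=repo_dir, check=True)


def unsafe_shell_string(branch: str) -> str:
    """The anti-pattern for comparison: string-built command handed to a shell.

    Shown only to make the contrast explicit; do not execute this form with
    untrusted input.
    """
    return f"git checkout {branch}"


if __name__ == "__main__":
    # Constructed sample names: two legitimate, three hostile-looking.
    for candidate in ["feature/login-fix", "release/v1.2.3",
                      "main;id", "$(whoami)", "--upload-pack=x"]:
        verdict = "accepted" if validate_branch_name(candidate) else "rejected"
        print(f"{candidate!r}: {verdict}")
```

A name such as `main;id` is harmless as an argv element but would be split by a shell if passed through `unsafe_shell_string`; the allowlist rejects it before either path is reached, which is the point of treating the metadata as hostile input.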

#codex #command-injection #branch-metadata #token-theft
Check if your app is vulnerable to VBS-2026-0014

PolyDefender detects this and dozens of other AI-specific vulnerability patterns.

FAQ
Q

How do I check if my Branch/ref metadata + Cloud task creation app is affected by codex cloud branch-name command injection risk?

A

Research described command-injection risk when untrusted branch/ref metadata was consumed by cloud agent workflows, with potential token theft impact. Search your codebase for branch/ref metadata handling, cloud task creation, and shell command construction patterns, and verify that the remediation has been applied.

Q

Why does Codex generate code with CWE-77 (high severity)?

A

Research described command-injection risk when untrusted branch/ref metadata was consumed by cloud agent workflows, with potential token theft impact.

Q

How do I fix codex cloud branch-name command injection risk?

A

Treat branch names as hostile input, enforce strict allowlists, and minimize token scope/lifetime for agent tasks.

Q

What can an attacker do if my app contains VBS-2026-0014?

A

With CVSS 8.8 (high), this vulnerability is high risk — significant data or functionality can be compromised.