VBS-2026-0015CRITICALCVSS 9.6CWE-78

Codex CLI project-local config execution (CVE-2025-61260)

Affected Codex CLI versions could execute attacker-controlled commands via project-local configuration redirection patterns in malicious repositories.

Published

2025-12-01

Discovered By

Check Point Research

CVSS Score

9.6 / 10

Affected AI Platforms

Codex CLI

Affected Tech Stack

Project-local config.env-controlled pathsRepo-as-input

Remediation

Upgrade to fixed versions and block repo-local home/config redirection without explicit approval.

#codex-cli#command-execution#repo-as-input#cve

References

https://research.checkpoint.com/

Check if your app is vulnerable to VBS-2026-0015

PolyDefender detects this and dozens of other AI-specific vulnerability patterns.

FAQ

How do I check if my Project-local config + .env-controlled paths app is affected by codex CLI project-local config execution (CVE-2025-61260)?

Affected Codex CLI versions could execute attacker-controlled commands via project-local configuration redirection patterns in malicious repositories.. Search your codebase for Project-local config, .env-controlled paths, Repo-as-input patterns and verify the remediation has been applied. This is rated CVSS 9.6 — treat it as a live incident if your app is already in production.

Why does Codex CLI generate code with CWE-78 (critical severity)?

Affected Codex CLI versions could execute attacker-controlled commands via project-local configuration redirection patterns in malicious repositories.

How do I fix codex CLI project-local config execution (CVE-2025-61260)?

Upgrade to fixed versions and block repo-local home/config redirection without explicit approval.

What can an attacker do if my app contains VBS-2026-0015?

With CVSS 9.6 (critical), this vulnerability is critical — an attacker can likely gain complete control of your data or infrastructure.