
Cloud Vulnerability DB
A community-led vulnerabilities database
A high-severity vulnerability (GHSA-w5fx-fh39-j5rw) was discovered in OpenAI's Codex CLI and IDE Extension, affecting versions 0.2.0 through 0.38.0 of the npm package @openai/codex and versions up to 0.4.11 of the Codex IDE Extension. The vulnerability was disclosed on September 19, 2025, and involves a sandbox bypass due to a bug in the path configuration logic (GitHub Advisory).
The vulnerability stems from a bug in the sandbox configuration logic: Codex CLI could incorrectly treat a model-generated current working directory (cwd) as the sandbox's writable root. Because that cwd could point outside the folder in which the user started the session, the intended workspace boundary was effectively bypassed. The vulnerability has been assigned a CVSS score of 8.6 (High), with attack vector Network, attack complexity Low, privileges required Low, and user interaction Passive; impact to confidentiality, integrity, and availability is rated High (GitHub Advisory).
The bug enables arbitrary file writes and command execution anywhere the Codex process has permissions; the network-disabled sandbox restriction was not affected. An attacker who can influence the model's output could therefore read and modify files outside the intended workspace boundary (GitHub Advisory).
A patch has been released in Codex CLI version 0.39.0 that canonicalizes and validates that the boundary used for sandbox policy is based on where the user started the session, rather than the model-generated one. Users running version 0.38.0 or earlier should immediately update via their package manager or reinstall the latest Codex CLI. For Codex IDE extension users, an update to version 0.4.12 is available and should be installed immediately (GitHub Advisory, GitHub Release).
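As an added illustration of the bug class described above (hypothetical Python written for this page, not Codex's own code), the vulnerable pattern that adopts a model-supplied cwd as the writable root sits beside the canonicalize-and-validate check the advisory describes; a constructed symlink scenario shows why canonicalization, not just string-prefix matching, is needed:

```python
import tempfile
from pathlib import Path

# Hypothetical reconstruction of the bug class in GHSA-w5fx-fh39-j5rw, not Codex's code.
# session_root: where the user launched the session; model_cwd: untrusted model proposal.

def writable_root_vulnerable(session_root: str, model_cwd: str) -> Path:
    """Vulnerable pattern: the model-supplied cwd becomes the sandbox's writable root."""
    return Path(model_cwd).resolve()  # session_root is never consulted

def writable_root_hardened(session_root: str, model_cwd: str) -> Path:
    """Patched pattern: canonicalize both paths, require model_cwd to stay inside
    the session root, and keep the session root itself as the sandbox boundary."""
    root = Path(session_root).resolve()
    requested = Path(model_cwd)
    if not requested.is_absolute():
        requested = root / requested
    requested = requested.resolve()  # collapses '..' and follows symlinks
    if requested != root and root not in requested.parents:
        raise PermissionError(f"cwd {requested} escapes session root {root}")
    return root

def cwd_is_allowed(session_root: str, model_cwd: str) -> bool:
    """True if the hardened policy accepts model_cwd for this session."""
    try:
        writable_root_hardened(session_root, model_cwd)
        return True
    except PermissionError:
        return False

def write_allowed(writable_root: Path, target: str) -> bool:
    """Sandbox write check: is `target` inside the writable root once canonicalized?"""
    t = Path(target).resolve()
    return t == writable_root or writable_root in t.parents

def demo_symlink_escape() -> dict:
    """Constructed scenario: a symlink inside the workspace points outside it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "project"
        outside = Path(tmp) / "outside"
        root.mkdir()
        outside.mkdir()
        (root / "escape").symlink_to(outside)
        model_cwd = str(root / "escape")  # looks like it is inside the workspace
        target = str(outside / "secrets.txt")
        return {
            "vulnerable_allows": write_allowed(writable_root_vulnerable(str(root), model_cwd), target),
            "hardened_allows": cwd_is_allowed(str(root), model_cwd),
        }
```

Running `demo_symlink_escape()` returns `{'vulnerable_allows': True, 'hardened_allows': False}`: the vulnerable policy lets the model write beside the symlink target, while the hardened policy rejects the cwd before any boundary is derived from it.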
Source: This report was generated using AI