0xensec Daily Roundup — April 29, 2026
A critical vulnerability has been disclosed in OpenAI Codex, with the Zero Day Initiative (ZDI) assigning a CVSS rating of 8.6 for a sandbox escape flaw. The exploit allows remote attackers to bypass Codex sandbox restrictions by tricking users into processing malicious JavaScript-laden repositories, emphasizing ongoing risks associated with the integration of generative AI into popular developer workflows.[4] This incident comes at a time when defenders are being urged to rapidly adapt, as adversaries now leverage AI-driven tools that automate exploitation and weaponize new vulnerabilities within hours of disclosure, drastically reducing attackers’ barriers to entry.[6]
Read more →