top of page
perceptive_background_267k.jpg

OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability

Published:

30 March 2026 at 18:05:00

Alert date:

30 March 2026 at 20:03:04

Source:

thehackernews.com

Click to open the original link from this advisory

Emerging Technologies, Data Breach & Exfiltration, Web Technologies

A vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent. According to Check Point researchers, a single malicious prompt could turn ordinary conversations into covert exfiltration channels, leaking user messages, uploaded files, and other sensitive content. OpenAI has patched the ChatGPT data exfiltration flaw along with a Codex GitHub token vulnerability. The vulnerability represents a significant privacy and security risk for ChatGPT users whose sensitive data could be compromised through crafted prompts.

Technical details

ChatGPT vulnerability exploited a hidden DNS-based communication path as a covert transport mechanism by encoding information into DNS requests to bypass AI guardrails. The vulnerability originated from the Linux runtime used by the AI agent for code execution and data analysis. OpenAI Codex had a command injection vulnerability in the task creation HTTP request that allowed attackers to smuggle arbitrary commands through the GitHub branch name parameter due to improper input sanitization. This could result in theft of GitHub User Access Tokens and execution of malicious payloads inside the agent's container.

Mitigation steps:

Organizations need to implement their own security layer to counter prompt injections and other unexpected behavior in AI systems. Security architecture needs to be rethought for AI with independent visibility and layered protection between organizations and AI vendors. The security of AI agent containers and input consumption must be treated with the same rigor as any other application security boundary.

Affected products:

OpenAI ChatGPT
OpenAI Codex
ChatGPT website
Codex CLI
Codex SDK
Codex IDE Extension

Related links:

https://research.checkpoint.com/2026/chatgpt-data-leakage-via-a-hidden-outbound-channel-in-the-code-execution-runtime/
https://help.openai.com/en/articles/8437071-data-analysis-with-chatgpt#h_f3588140cc
https://thehackernews.com/2026/01/two-chrome-extensions-caught-stealing.html
https://expel.com/blog/on-the-radar-chatgpt-stealer/
https://openai.com/index/introducing-codex/
https://www.beyondtrust.com/blog/entry/openai-codex-command-injection-vulnerability-github-token
https://x.com/kmcquade3/status/2038641472417993072

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page