Vulnerability Advisory
CVE-2025-35431
OpenAI has launched Codex Security, an AI-powered agent that scanned 1.2 million code commits in 30 days, finding 792 critical and 10,561 high-severity vulnerabilities across major open-source projects including GnuPG, PHP, and Chromium.
Severity: high
CVSS Score: 8.5 / 10
Exploitation: Actively exploited
Published: Mar 9, 2026
Affected Products
- GnuPG (CVE-2026-24881, CVSS 9.8, stack buffer overflow)
- GnuTLS (CVE-2025-32988, CVE-2025-32989)
- GOGS (CVE-2025-8110, path traversal, active exploitation)
- PHP
- Chromium / Thorium browser
Full Analysis
OpenAI Codex Security: AI Agent Scanned 1.2 Million Code Commits and Found 10,561 High-Severity Vulnerabilities
Deep-dive: technical breakdown, real-world impact, complete remediation steps, and expert context.