Skip to content

Windows Sandbox / Temporary Profile Leak with Codex Sandbox Users #21455

Open
Open
Windows Sandbox / Temporary Profile Leak with Codex Sandbox Users#21455
Labels
bugSomething isn't workingextensionIssues related to the VS Code extensionsandboxIssues related to permissions or sandboxingwindows-osIssues related to Codex on Windows systems
@motyc

Description

@motyc
motyc
opened on May 7, 2026

What version of the IDE extension are you using?

Cursor

What subscription do you have?

26.429.30905

Which IDE are you using?

Cursor

What platform is your computer?

Microsoft Windows NT 10.0.26200.0 x64

What issue are you seeing?

Windows Sandbox / Temporary Profile Leak with Codex Sandbox Users

Summary

Codex on Windows appears to repeatedly create temporary Windows profiles (TEMP.<user>.*) during sandbox initialization or refresh operations.

In my environment this resulted in ~170 leaked temporary user profile directories under:

C:\Users\TEMP.David-PC.*

The issue appears related to the native Windows sandbox implementation and/or sandbox user management.

Observed components involved:

  • codex-windows-sandbox-setup.exe
  • codex-command-runner-0.128.0-alpha.1.exe
  • CodexSandboxOffline
  • CodexSandboxOnline

This does not appear to be malware. The generated files are Windows DPAPI blobs and profile scaffolding.

The issue appears to be:

  • sandbox/user bootstrap retry loops
  • temporary profile fallback
  • profile unload/cleanup failure
  • or repeated failed noninteractive logons.

Environment

  • Windows 11
  • Native Windows sandbox mode (not WSL)
  • Cursor extension using Codex
  • Observed with:
    • codex-command-runner-0.128.0-alpha.1.exe

Symptoms

Hundreds of directories created under:

C:\Users\

Examples:

TEMP.David-PC
TEMP.David-PC.000
TEMP.David-PC.001
...
TEMP.David-PC.169

Characteristics:

  • all directories contain nearly identical minimal contents
  • not full normal user profiles
  • timestamps appear in bursts
  • creation continues while Codex sandbox processes are active
  • creation stops after Codex processes are terminated

Example timing bursts:

  • 2026-04-29 22:30–23:30
  • 2026-05-01 02:00–03:00
  • 2026-05-06 16:00–18:00
  • 2026-05-07 01:00–02:30

Additional Observed Files

Each temp profile contains:

AppData\Local\Microsoft\Windows\SFAP\cache1.bin

Inspection of cache1.bin shows:

  • standard Microsoft DPAPI header
  • encrypted Windows credential/security blob
  • not executable content
  • not malware

DPAPI signature:

D0 8C 9D DF 01 15 D1 11 8C 7A 00 C0 4F C2 97 EB

This suggests the sandbox/user initialization path triggers:

  • LSASS
  • DPAPI
  • User Profile Service
  • SFAP cache initialization

Relevant Sandbox Log Entries

Observed in sandbox.log:

ensuring sandbox users offline=CodexSandboxOffline online=CodexSandboxOnline

setup refresh: spawning ... codex-windows-sandbox-setup.exe

helper launch
runner launch
command-runner

hide users: profile dir hidden for current user

The repeated setup refresh operations appear correlated with the temp profile creation bursts.

Important Observation

The log line:

hide users: profile dir hidden for current user

combined with existing Codex Windows sandbox issues suggests the implementation is manipulating:

  • Windows local users
  • profile directories
  • ACLs
  • hidden profile state
  • or Explorer visibility

This appears related to:

  • Windows sandbox user bootstrapping
  • first-logon profile initialization
  • or profile visibility suppression

Request

Please investigate:

  • sandbox user initialization
  • temporary profile fallback handling
  • profile cleanup/unload
  • repeated setup refresh behavior
  • hide_users.rs
  • interaction with Windows User Profile Service

The current behavior can silently generate hundreds of leaked temp profiles on Windows systems.

What steps can reproduce the bug?

Suspected Root Cause

My current hypothesis:

  1. Codex sandbox refresh runs
  2. Sandbox users are initialized or refreshed
  3. Windows attempts transient/noninteractive logon
  4. User Profile Service partially initializes a profile
  5. Profile attach/unload/setup fails
  6. Windows falls back to TEMP.<user>
  7. Cleanup does not occur
  8. Retry loop creates another temp profile

Possibly related APIs/components:

  • CreateProcessWithLogonW
  • CreateProcessAsUserW
  • S4U logons
  • User Profile Service
  • LSASS
  • DPAPI
  • sandbox ACL setup
  • hidden sandbox user profile handling

Repro Notes

Issue appears easiest to trigger when:

  • using native Windows sandbox mode
  • using Cursor/OpenAI Codex integration
  • long-running agent/sandbox sessions
  • repeated sandbox refreshes
  • elevated/native Windows sandbox mode

Mitigation

Temporary mitigation:

  1. Fully exit Cursor/Codex
  2. Kill:
    • codex.exe
    • codex-command-runner.exe
    • codex-windows-sandbox-setup.exe
    • node.exe
  3. Reboot

After this:

  • new TEMP profiles stopped appearing

What is the expected behavior?

Codex not creating leaked profiles

Additional information

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingextensionIssues related to the VS Code extensionsandboxIssues related to permissions or sandboxingwindows-osIssues related to Codex on Windows systems

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions