diff --git a/docs/internal/codex/2026-03-29-exec-target-override-fix.md b/docs/internal/codex/2026-03-29-exec-target-override-fix.md
new file mode 100644
index 00000000000..84abab8b0b5
--- /dev/null
+++ b/docs/internal/codex/2026-03-29-exec-target-override-fix.md
@@ -0,0 +1,19 @@
+---
+title: "Exec target override bypass fix"
+summary: "Hardened exec target resolution so auto defaults no longer allow model-requested host overrides."
+author: "Codex <codex@openai.com>"
+github_username: "codex"
+created: "2026-03-29"
+---
+
+Investigated a high-severity regression in exec target resolution.
+
+What changed:
+
+- Confirmed current behavior allowed `configuredTarget=auto` with `requestedTarget=gateway/node`, which selects host execution even when sandbox is available.
+- Restored fail-closed allowlist behavior by requiring requested target to exactly match configured target.
+- Updated the runtime unit test to verify host overrides are rejected when configured target is `auto`.
+
+Why:
+
+- `auto` should choose runtime host automatically, not grant untrusted host-selection overrides.
diff --git a/src/agents/bash-tools.exec-runtime.test.ts b/src/agents/bash-tools.exec-runtime.test.ts
index f6b9665dc9c..e328df2ed9b 100644
--- a/src/agents/bash-tools.exec-runtime.test.ts
+++ b/src/agents/bash-tools.exec-runtime.test.ts
@@ -47,19 +47,15 @@ describe("resolveExecTarget", () => {
     ({ resolveExecTarget } = await import("./bash-tools.exec-runtime.js"));
   });
 
-  it("treats auto as a default strategy rather than a host allowlist", () => {
-    expect(
+  it("rejects host overrides when configured host is auto", () => {
+    expect(() =>
       resolveExecTarget({
         configuredTarget: "auto",
         requestedTarget: "node",
         elevatedRequested: false,
         sandboxAvailable: false,
       }),
-    ).toMatchObject({
-      configuredTarget: "auto",
-      selectedTarget: "node",
-      effectiveHost: "node",
-    });
+    ).toThrow("exec host not allowed");
   });
 });
 
diff --git a/src/agents/bash-tools.exec-runtime.ts b/src/agents/bash-tools.exec-runtime.ts
index 21906f6e8c6..ee204dead6d 100644
--- a/src/agents/bash-tools.exec-runtime.ts
+++ b/src/agents/bash-tools.exec-runtime.ts
@@ -221,13 +221,7 @@ export function isRequestedExecTargetAllowed(params: {
   configuredTarget: ExecTarget;
   requestedTarget: ExecTarget;
 }) {
-  if (params.requestedTarget === params.configuredTarget) {
-    return true;
-  }
-  if (params.configuredTarget === "auto") {
-    return true;
-  }
-  return false;
+  return params.requestedTarget === params.configuredTarget;
 }
 
 export function resolveExecTarget(params: {