CVE-2026-11326

Vulnerability Description

OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI Atlas 1.2025.288.15 narrows access to these APIs to *.chatgpt.com; users should upgrade to 1.2025.288.15 or later.

Vulnerability Details

Published Date

June 05, 2026

Last Modified

June 05, 2026

CWE ID

CWE-284

Source

NVD

Vendor

OpenAI

Product

OpenAI Atlas

External References

https://www.hacktron.ai/blog/hacking-openai-atlas-browser

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment