Description
OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI Atlas 1.2025.288.15 narrows access to these APIs to *.chatgpt.com; users should upgrade to 1.2025.288.15 or later.
Published:
2026-06-05
Score:
n/a
EPSS:
n/a
KEV:
No
Impact:
n/a
Action:
n/a
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| OpenAI | OpenAI Atlas | unaffected |
|
No data.
No data.
No data available yet.
Remediation
Vendor Solution
Upgrade to OpenAI Atlas 1.2025.288.15 or later.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
| Link | Providers |
|---|---|
| https://www.hacktron.ai/blog/hacking-openai-atlas-browser |
|
History
Fri, 05 Jun 2026 01:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI Atlas 1.2025.288.15 narrows access to these APIs to *.chatgpt.com; users should upgrade to 1.2025.288.15 or later. | |
| Weaknesses | CWE-284 | |
| References |
|
Subscriptions
No data.
MITRE
Status: PUBLISHED
Assigner: OAI
Published:
Updated: 2026-06-05T00:12:32.077Z
Reserved: 2026-06-05T00:07:13.696Z
Link: CVE-2026-11326
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-06-05T02:17:11.180
Modified: 2026-06-05T02:17:11.180
Link: CVE-2026-11326
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses