OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI Atlas 1.2025.288.15 narrows access to these APIs to *.chatgpt.com; users should upgrade to 1.2025.288.15 or later.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| OpenAI | OpenAI Atlas | unaffected |
|
No data.
No data.
No data.
Project Subscriptions
No data.
Advisories
No advisories yet.
Fixes
Solution
Upgrade to OpenAI Atlas 1.2025.288.15 or later.
Workaround
No workaround given by the vendor.
References
| Link | Providers |
|---|---|
| https://www.hacktron.ai/blog/hacking-openai-atlas-browser |
|
History
Fri, 05 Jun 2026 01:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI Atlas 1.2025.288.15 narrows access to these APIs to *.chatgpt.com; users should upgrade to 1.2025.288.15 or later. | |
| Weaknesses | CWE-284 | |
| References |
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: OAI
Published:
Updated: 2026-06-05T00:12:32.077Z
Reserved: 2026-06-05T00:07:13.696Z
Link: CVE-2026-11326
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-06-05T02:17:11.180
Modified: 2026-06-05T02:17:11.180
Link: CVE-2026-11326
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses