Loading market data...
← Back to CVE feed

CVE-2026-11326

UNKNOWN View on NVD ↗

Description

OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI Atlas 1.2025.288.15 narrows access to these APIs to *.chatgpt.com; users should upgrade to 1.2025.288.15 or later.

Published: Jun 05, 2026 02:17 UTC Modified: Jun 05, 2026 18:17 UTC