CVE-2026-11326_CVE-2026-11326

6 / 10

MEDIUM

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:N/V:D/RE:L/U:Green

Description

OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI Atlas 1.2025.288.15 narrows access to these APIs to *.chatgpt.com; users should upgrade to 1.2025.288.15 or later.

Basic Information

ID CVE-2026-11326

Source OAI

Published Jun 5, 2026 at 00:12

Modified Jun 5, 2026 at 18:32

Affected Product

Vendor OpenAI

Product OpenAI Atlas

Affected Versions OpenAI OpenAI Atlas 0

CWE Classification

CWE-284

References

www.hacktron.ai /blog/hacking-openai-atlas-browser

{
    "lastseen": "",
    "description": "OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI Atlas 1.2025.288.15 narrows access to these APIs to *.chatgpt.com; users should upgrade to 1.2025.288.15 or later.",
    "published": "2026-06-05T00:12:32.077Z",
    "modified": "2026-06-05T18:32:50.603Z",
    "type": "cve",
    "title": "CVE-2026-11326",
    "source": "OAI",
    "references": "https://www.hacktron.ai/blog/hacking-openai-atlas-browser",
    "id": "CVE-2026-11326",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "OpenAI OpenAI Atlas 0",
    "sourceHref": "",
    "cvss": {
        "score": 6,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:N/V:D/RE:L/U:Green",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OpenAI Atlas",
    "version": "0",
    "vendor": "OpenAI",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}