CVE-2026-11326

UNKNOWN 0.0

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

4th

OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI Atlas 1.2025.288.15 narrows access to these APIs to *.chatgpt.com; users should upgrade to 1.2025.288.15 or later.

CWE	CWE-284
Vendor	openai
Product	openai atlas
Published	Jun 5, 2026
Last Updated	Jun 5, 2026

Stay Ahead of the Next One

Get instant alerts for openai openai atlas

Be the first to know when new unknown vulnerabilities affecting openai openai atlas are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

OpenAI / OpenAI Atlas

0 < 1.2025.288.15

References

NVD ↗ CVE.org ↗ EPSS Data ↗

hacktron.ai: https://www.hacktron.ai/blog/hacking-openai-atlas-browser

Credits

s1r1us and sudi of hacktron.ai