CVE-2026-11326

Currently unrated

Key Information:

Vendor: Openai
Status: Openai Atlas
Vendor: CVE Published:; 5 June 2026

What is CVE-2026-11326?

OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI Atlas 1.2025.288.15 narrows access to these APIs to *.chatgpt.com; users should upgrade to 1.2025.288.15 or later.

Affected Version(s)

OpenAI Atlas 0 < 1.2025.288.15

References

https://www.hacktron.ai/blog/hacking-openai-atlas-browser

technical-description

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 5, 2026
Vulnerability Reserved
Jun 5, 2026

Credit

s1r1us and sudi of hacktron.ai

CVE-2026-11326 Data

JSON

Openai

What is CVE-2026-11326?

Affected Version(s)

References

Timeline

Credit