Cross-Site Scripting Vulnerability in OpenAI Atlas with Browser API Exposure
CVE-2026-11326
6MEDIUM
What is CVE-2026-11326?
A cross-site scripting vulnerability has been identified in OpenAI Atlas versions prior to 1.2025.288.15. This flaw allows malicious web content hosted on forum.openai.com to exploit exposed privileged browser APIs. Attackers can potentially access sensitive browser functionality, such as browser history and tab management, by leveraging this vulnerability. Upgrading to version 1.2025.288.15 or later mitigates the risk by restricting access to these APIs solely for *.chatgpt.com domains.
Affected Version(s)
OpenAI Atlas 0 < 1.2025.288.15
