{"data":{"id":"433443d0-9c95-4554-80a5-b0ad00f2e9f0","title":"CVE-2026-11326: OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com origins. A cross-site s","summary":"OpenAI Atlas versions before 1.2025.288.15 had a security flaw where privileged browser APIs (special functions that control browser features) were exposed to web content on OpenAI domains, and a cross-site scripting vulnerability (a type of attack where malicious code is injected into a website) on forum.openai.com could be exploited to access browser history and control tabs. The vulnerability was caused by improper access control (failing to properly restrict who can use certain functions).","solution":"Users should upgrade to OpenAI Atlas version 1.2025.288.15 or later, which narrows access to these APIs to only the *.chatgpt.com domain.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-11326","publishedAt":"2026-06-05T02:17:11.180Z","cveId":"CVE-2026-11326","cweIds":["CWE-284"],"cvssScore":null,"cvssSeverity":null,"severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["OpenAI"],"affectedVendorsRaw":["OpenAI","OpenAI Atlas","ChatGPT"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-05T02:17:11.180Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}