{"data":{"id":"d770ae82-87b1-48ab-a9d6-cc2cd51c72df","title":"OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability","summary":"OpenAI patched a vulnerability in ChatGPT that allowed attackers to secretly extract sensitive user data, such as conversation messages and uploaded files, by exploiting a hidden DNS-based communication path (a covert channel using the Domain Name System to send data) in the Linux runtime that the AI uses for code execution. The flaw bypassed ChatGPT's built-in safety guardrails (protections designed to prevent unauthorized data sharing) and could be triggered through malicious prompts or embedded in custom GPTs without triggering any user warnings.","solution":"OpenAI addressed the issue on February 20, 2026, following responsible disclosure (the practice of privately reporting security flaws to a vendor before public release).","labels":["security","privacy"],"sourceUrl":"https://thehackernews.com/2026/03/openai-patches-chatgpt-data.html","publishedAt":"2026-03-30T18:05:00.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["data_extraction","prompt_injection"],"issueType":"news","affectedPackages":null,"affectedVendors":["OpenAI"],"affectedVendorsRaw":["OpenAI","ChatGPT","Codex","Custom GPTs"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-03-30T18:05:00.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"advanced","impactType":["confidentiality"],"aiComponentTargeted":"inference","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}