CVE-2024-40594: The OpenAI ChatGPT app before 2024-07-05 for macOS opts out of the sandbox, and stores conversations in cleartext in a l
lowvulnerabilityLLM-Specific
securityprivacy
Summary
The OpenAI ChatGPT app for macOS before July 5, 2024 had two security problems: it disabled the sandbox (a security boundary that limits what an app can access) and stored conversations in cleartext (unencrypted plain text) in a location that other apps could read. This meant user conversations were exposed to other programs on the same computer.
Vulnerability Details
CVSS Score
2.3(low)
EPSS (30-day exploit probability)
EPSS: 0.0%
Classification
Attack Type
Data Extraction
Attack SophisticationTrivial
Impact (CIA+S)
confidentialityintegrity
Taxonomy References
CWE (Weakness Type)
Affected Vendors
OpenAI
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-40594
First tracked: February 15, 2026 at 08:49 PM
Classified by LLM (prompt v3) · confidence: 95%