OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
Summary
OpenAI patched a vulnerability in ChatGPT that allowed attackers to secretly extract sensitive user data, such as conversation messages and uploaded files, by exploiting a hidden DNS-based communication path (a covert channel using the Domain Name System to send data) in the Linux runtime that the AI uses for code execution. The flaw bypassed ChatGPT's built-in safety guardrails (protections designed to prevent unauthorized data sharing) and could be triggered through malicious prompts or embedded in custom GPTs without triggering any user warnings.
Solution / Mitigation
OpenAI addressed the issue on February 20, 2026, following responsible disclosure (the practice of privately reporting security flaws to a vendor before public release).
Classification
Affected Vendors
Related Issues
Original source: https://thehackernews.com/2026/03/openai-patches-chatgpt-data.html
First tracked: March 30, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 92%