CVE-2026-11326 MEDIUM

CVE-2026-11326

Vendor Openai

Product OpenAI Atlas

Weakness CWE-284

Published June 5, 2026

Last update June 5, 2026

View on NVD All CVEs

CVSS base score

6.0/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:N/V:D/RE:L/U:Green

What the vulnerability does

01Description

OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI Atlas 1.2025.288.15 narrows access to these APIs to *.chatgpt.com; users should upgrade to 1.2025.288.15 or later.

Key dates

02Disclosure timeline

June 5, 2026 CVE published

June 5, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-11326

Related vulnerabilities

CVE-2026-11326

01Description

02Disclosure timeline

03References

04Related CVE