CVE-2026-11326

Gravedad:

Pendiente de análisis

Tipo:

CWE-284 Control de acceso incorrecto

Fecha de publicación:

05/06/2026

Última modificación:

05/06/2026

Descripción

*** Pendiente de traducción *** OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI Atlas 1.2025.288.15 narrows access to these APIs to *.chatgpt.com; users should upgrade to 1.2025.288.15 or later.

Impacto

Referencias a soluciones, herramientas e información

https://www.hacktron.ai/blog/hacking-openai-atlas-browser