CVE-2026-11326
BaseFortify
Publication date: 2026-06-05
Last updated on: 2026-06-05
Assigner: 8f4f43ab-ba69-4d92-aa1d-d772184d6fb7
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openai | atlas | to 1.2025.288.15 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-11326 is a critical vulnerability in OpenAI's ChatGPT Atlas AI-powered browser that allowed attackers to bypass security restrictions and gain unauthorized access to sensitive browser functions.
The flaw was caused by an overly permissive allowlist exposing powerful Mojo IPC interfaces to all *.chatgpt.com and *.openai.com domains. Attackers exploited a cross-site scripting (XSS) vulnerability on forums.openai.com, triggered via a PostMessage handler lacking proper input sanitization.
This XSS allowed execution of arbitrary JavaScript in authenticated sessions, enabling attackers to access privileged browser APIs that could control browser tabs, navigate URLs, and monitor browsing activity.
How can this vulnerability impact me?
This vulnerability can have severe impacts including unauthorized access to browser history and control over browser tabs.
More critically, attackers could intercept OAuth authorization codes during login flows by continuously calling exposed APIs, leading to OAuth token theft.
Such token theft enables account takeovers on third-party platforms like GitHub, Reddit, and Facebook, potentially compromising sensitive personal or organizational data.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for suspicious activity related to the exposed privileged browser APIs, especially calls to functions like kaur1br5.open_tabs and kaur1br5.list_tabs which control browser tabs and monitor browsing activity.
Since the attack exploits a cross-site scripting (XSS) vulnerability triggered via a PostMessage handler lacking input sanitization, inspecting browser console logs and network traffic for unusual PostMessage events or unexpected JavaScript execution on *.openai.com or *.chatgpt.com domains can help detect exploitation attempts.
Commands or tools to detect this might include:
- Using browser developer tools to monitor console logs for errors or unexpected script execution.
- Network traffic analysis tools (e.g., Wireshark, tcpdump) to capture and inspect WebSocket or HTTP traffic for suspicious PostMessage payloads targeting the vulnerable domains.
- Running scripts or browser extensions that detect and alert on unauthorized calls to privileged APIs like kaur1br5.open_tabs or kaur1br5.list_tabs.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade OpenAI Atlas to version 1.2025.288.15 or later, as this version narrows access to the privileged browser APIs to only *.chatgpt.com domains, removing exposure on *.openai.com and fixing the vulnerability.
Additional immediate steps include:
- Avoid visiting or interacting with forum.openai.com until the upgrade is applied, as it is the vector for the XSS attack.
- Monitor and restrict browser extensions or scripts that could exploit the exposed APIs.
- Implement Content Security Policy (CSP) headers to reduce the risk of XSS attacks on your domains.
- Educate users about the risks of clicking suspicious links or executing untrusted scripts within the OpenAI Atlas browser.
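The root cause described above is a `postMessage` handler that acted on messages without checking where they came from or what they contained. The following is an added example of the defensive pattern, not code from the CVE record, from OpenAI, or from the Atlas browser: a receiver that accepts messages only from an exact-match origin allowlist, validates them against a fixed schema, and writes any accepted text via `textContent` rather than `innerHTML`. The origins, the `set-title` message type and the `#title` element are constructed placeholders; the decision logic is returned as a plain object so it can be exercised outside a browser.

```javascript
// Added example (not from the CVE record or the affected product).
// A hardened window.postMessage receiver: exact-match origin allowlist,
// strict message schema, and no HTML injection of message content.

// Constructed placeholder origins; a real deployment lists only the
// specific origins that are meant to talk to this page.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://chat.example.com",
]);

// Exact string comparison of the full origin (scheme + host + port).
// No wildcard, substring or regex matching, so lookalike hosts such as
// "https://app.example.com.attacker.test" and "http://" variants fail.
function isAllowedOrigin(origin) {
  return typeof origin === "string" && ALLOWED_ORIGINS.has(origin);
}

// Accept only a small, fixed message shape; anything else is rejected.
// Returns a fresh object containing just the validated fields, so extra
// properties on the incoming message never reach the caller.
function validateMessage(data) {
  if (typeof data !== "object" || data === null) return null;
  if (data.type !== "set-title") return null;
  if (typeof data.title !== "string" || data.title.length > 200) return null;
  return { type: "set-title", title: data.title };
}

// Decide what to do with one message event. Pure function: it inspects
// event.origin and event.data and returns a decision without touching
// the DOM, which makes the policy testable under Node.
function handleMessage(event) {
  if (!isAllowedOrigin(event.origin)) {
    return { accepted: false, reason: "origin-not-allowed" };
  }
  const msg = validateMessage(event.data);
  if (msg === null) {
    return { accepted: false, reason: "schema-rejected" };
  }
  return { accepted: true, action: msg };
}

// Browser wiring; a no-op under Node. Accepted text is applied with
// textContent so message content can never be parsed as markup.
if (typeof window !== "undefined") {
  window.addEventListener("message", (event) => {
    const decision = handleMessage(event);
    if (!decision.accepted) return;
    const el = document.getElementById("title");
    if (el) el.textContent = decision.action.title;
  });
}
```

The same three checks (origin, schema, safe sink) apply whatever the message type is; the allowlist and schema are the parts that change per application. Pairing this with the CSP header mentioned above gives two independent controls: CSP limits which scripts can run at all, and the handler limits what any page that can post a message is able to make this one do.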