Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:D/RE:L/U:Green
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:D/RE:L/U:Green
Lifecycle Timeline
4DescriptionCVE.org
OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI Atlas 1.2025.288.15 narrows access to these APIs to *.chatgpt.com; users should upgrade to 1.2025.288.15 or later.
AnalysisAI
OpenAI Atlas before 1.2025.288.15 improperly exposed privileged browser APIs - including browser history access and tab open/close controls - to any web content loaded from *.openai.com origins, including the publicly accessible forum.openai.com. Because forum.openai.com harbored an independent cross-site scripting vulnerability, an attacker could chain the two weaknesses: inject a script via the forum XSS, which then silently invokes Atlas's privileged APIs against a visiting victim. No public exploit or CISA KEV listing has been confirmed at time of analysis, though a public security research blog (hacktron.ai) describes the attack surface; the EPSS score of 0.02% (4th percentile) reflects low observed exploitation probability.
Technical ContextAI
OpenAI Atlas is a browser extension or companion application (CPE: cpe:2.3:a:openai:openai_atlas:*:*:*:*:*:*:*:*) that exposes privileged browser APIs - capabilities not available to ordinary web pages - intended for controlled use. The root cause is CWE-284 (Improper Access Control): Atlas granted these sensitive API bindings to the overly broad *.openai.com origin trust boundary, which includes forum.openai.com, a user-generated content platform with its own XSS exposure. The CVSS 4.0 vector (AV:N/AC:H/AT:N/PR:N/UI:P) reflects a network-reachable, chained attack requiring high complexity because successful exploitation depends on an independently exploitable XSS condition on forum.openai.com co-occurring with a victim who has Atlas installed and browses the affected forum. The fix implemented in 1.2025.288.15 narrows the privileged API trust scope to *.chatgpt.com, eliminating the overly permissive origin grant.
RemediationAI
The primary fix is upgrading to OpenAI Atlas 1.2025.288.15 or later, which restricts privileged API access to *.chatgpt.com origins only, eliminating forum.openai.com from the trusted origin set. This is a vendor-released patch confirmed in the CVE description and EUVD-2026-34776; users should apply it immediately. If upgrade is not immediately possible, a compensating control is to disable or uninstall the OpenAI Atlas extension/application until the patch can be applied - this fully eliminates the attack surface at the cost of losing Atlas functionality. Alternatively, organizations with network filtering capabilities could block access to forum.openai.com at the proxy or DNS layer for Atlas-installed endpoints, which would prevent the XSS delivery vector; however, this does not fix the root improper access control and would only address the forum.openai.com XSS pathway, not potential future XSS vulnerabilities on other *.openai.com subdomains. Reference advisory: https://nvd.nist.gov/vuln/detail/CVE-2026-11326.
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34776
GHSA-x355-jg5j-p4h6