CVE-2026-11326

OpenAI Atlas prior to 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com origins. A cross-site scripting vulnerability in forum.openai.com could access these APIs, enabling access to browser history and the ability to open or close tabs. Atlas 1.2025.288.15 narrows API a...