Security researcher zer0dac disclosed a vulnerability chain in ChatGPT combining a guardrail bypass with path traversal through the file download mechanism. The exploit involved social engineering the LLM to generate a valid download URL and then appending traversal sequences to access restricted system files. OpenAI has remediated the issue by redesigning the URL download flow; practical impact was limited by sandbox restrictions.
Chatgpt
Recent threats
Researchers at Mindgard discovered a vulnerability allowing ChatGPT to generate violent and sexually explicit images through minimally modified prompts that originally targeted humor. OpenAI stated it deployed additional safeguards, but researchers demonstrated workarounds persist. The vulnerability also allows creation of nude deepfakes of real people despite prior fixes.
OpenAI disclosed that the ChatGPT Mac desktop app was impacted by the Mini Shai-Hulud supply-chain attack targeting the TanStack open-source library on May 11, 2026. Two employee devices were compromised; however, OpenAI reports no evidence of user data access or compromise to their own systems. Affected users are being forced to update the app by June 12, 2026.
Threat actors are executing an active malvertising campaign leveraging ChatGPT's shared content and code-rendering features to host phishing pages on legitimate chatgpt.com/s/ domains. Victims lured via malicious Google ads and SEO poisoning are presented with fake service outage warnings prompting desktop app downloads, which deliver infostealer malware. The campaign exploits trusted ChatGPT domains and conditional rendering evasion to bypass security scanning. Both ChatGPT and Claude users are being targeted with variant attacks.
ChatGPhish, a browser-based prompt injection vulnerability in ChatGPT's web summarization feature, allows unauthenticated attackers to inject malicious content into AI-generated summaries. By appending instructions to publicly accessible web pages, attackers can render phishing links, spoofed security alerts, QR codes, and passive tracking beacons inside the trusted ChatGPT interface with no origin labeling, leveraging user trust in the assistant UI.
A critical authentication-bypass vulnerability tracked as CVE-2026-48710, dubbed 'BadHost', has been disclosed in Starlette versions prior to 1.0.1, the ASGI framework that underpins FastAPI-based AI infrastructure. The flaw arises from unsafe handling of the HTTP Host header, allowing attackers to forge header values that cause middleware to misidentify the request path, bypassing authentication and authorization controls. Platforms explicitly named at risk include vLLM, LiteLLM, Ray Serve, BentoML, Google ADK-Python, and MCP (Model Context Protocol) servers — components of the AI ecosystem commonly used to build and proxy LLM-powered services such as ChatGPT integrations and agent frameworks. Successful exploitation can expose restricted LLM endpoints, extract API keys and credentials, and enable unauthorized interaction with internal agent tooling. The vulnerability was discovered by X41 D-Sec during an OSTIF-sponsored audit and a patch is available in Starlette 1.0.1; operators are advised to upgrade immediately and avoid using request.url.path for security decisions in middleware.
- Attackers Can Exploit BadHost to Access Sensitive AI Agent Serve(opens in a new tab)
- BadHost vulnerability bypasses authentication on AI infrastructu(opens in a new tab)
- Worrying open-source security issue 'BadHost' could affect milli(opens in a new tab)
- Millions of AI brokers imperiled by essential vulnerability in o(opens in a new tab)
OpenAI disclosed that two employee devices were impacted by a software supply-chain attack against the TanStack open-source library, part of a broader campaign tracked as Mini Shai-Hulud that compromised the package on May 11, 2026. The malicious code performed credential-focused exfiltration and accessed a limited subset of internal source code repositories. As a precaution, OpenAI is forcing all ChatGPT Mac desktop app users to update their client between now and June 12, 2026. OpenAI states it has found no evidence that user data was accessed or that its production systems were compromised. Mac app users should install the update promptly when prompted.
- A security breach means you must update the ChatGPT Mac app(opens in a new tab)
- The ChatGPT desktop app for Mac just got hit with a security bre(opens in a new tab)
- OpenAI confirms security breach in TanStack supply chain attack,(opens in a new tab)
- OpenAI Issues Urgent Security Warning for Mac Users After Intern(opens in a new tab)
- OpenAI Says Hackers Stole Some Data After Latest Code Security I(opens in a new tab)