OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability

https://thehackernews.com/2026/03/openai-patches-chatgpt-data.html

Publish Date: 2026-03-30 14:05:00

Source Domain: thehackernews.com

A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check Point.

“A single malicious prompt could turn an otherwise ordinary conversation into a covert exfiltration channel, leaking user messages, uploaded files, and other sensitive content,” the cybersecurity company said in a report published today. “A backdoored GPT could abuse the same weakness to obtain access to user data without the user’s awareness or consent.”

Following responsible disclosure, OpenAI addressed the issue on February 20, 2026. There is no evidence that the issue was ever exploited in a malicious context.

While ChatGPT is built with various guardrails to prevent unauthorized data sharing and direct outbound network requests, the newly discovered vulnerability bypasses these safeguards entirely by exploiting a side channel originating from the Linux runtime used by the artificial intelligence (AI) agent for code execution and data analysis.

Specifically, it abuses a hidden DNS-based communication path as a “covert transport mechanism” by encoding information into DNS requests to get around visible AI guardrails. What’s more, the same hidden communication path could be used to establish remote shell access inside the Linux runtime and achieve command execution.

In the absence of any warning or user approval dialog, the vulnerability creates a security blind spot, with the AI system assuming that the environment was isolated.
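
A defender-side sketch of how a DNS channel like the one described above can be surfaced from resolver logs, added here as an example and not taken from Check Point's report or OpenAI's fix: it flags a client that sends many distinct long, high-entropy labels under one parent domain. The log format, the thresholds, the sample names and the two-label parent heuristic are all assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log entries (client, queried name); not real data.
SAMPLE_QUERIES = [
    ("sandbox-1", "pypi.org"),
    ("sandbox-1", "files.pythonhosted.org"),
    ("sandbox-1", "autodiscover-long-label-service-name.example.org"),
    ("sandbox-2", "k7q2m9x4b1v8n3c6z5l0j2wd.t.example.net"),
    ("sandbox-2", "p3h8t1r6y4g9f2s7a0e5u3ok.t.example.net"),
    ("sandbox-2", "w9d4j2x7c1m6b8q3n5v0z4lt.t.example.net"),
    ("sandbox-2", "e6u1i8o3a5y7k2h9g4f0s6pr.t.example.net"),
]

def shannon_entropy(text):
    """Bits per character; encoded payloads score higher than hostnames."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())

def registered_parent(name, labels=2):
    """Naive parent domain (last two labels). Assumption: production code
    would use the Public Suffix List instead."""
    return ".".join(name.rstrip(".").lower().split(".")[-labels:])

def suspicious_parents(queries, min_unique=4, min_label_len=20, min_entropy=3.5):
    """Return {(client, parent): count} where one client sent at least
    min_unique distinct long, high-entropy subdomains under one parent."""
    seen = defaultdict(set)
    for client, name in queries:
        fqdn = name.rstrip(".").lower()
        parent = registered_parent(fqdn)
        sub = fqdn[: len(fqdn) - len(parent)].rstrip(".")
        if not sub:
            continue  # query for the parent itself carries no payload label
        longest = max(sub.split("."), key=len)
        if len(longest) >= min_label_len and shannon_entropy(longest) >= min_entropy:
            seen[(client, parent)].add(sub)
    return {key: len(subs) for key, subs in seen.items() if len(subs) >= min_unique}

if __name__ == "__main__":
    for (client, parent), count in suspicious_parents(SAMPLE_QUERIES).items():
        print(f"{client}: {count} distinct high-entropy names under {parent}")
```

The single long label under example.org is not flagged because it never repeats with new values; the distinct-name count per parent is what separates a data channel from an oddly named host.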

As an illustrative example, an attacker could convince a user to paste a malicious prompt by passing it off as a way to unlock premium capabilities for free or improve ChatGPT’s performance. The threat is magnified when the technique is embedded inside custom GPTs, as the malicious logic could be baked into the GPT itself, with no need to trick a user into pasting a specially crafted prompt.

“Crucially, because the model operated under the assumption…