Tenable's ChatGPT prompt-injection and url_safe bypass analysis
Technical Analysis
Summary
Hide ▲
Show ▼
Tenable uncovered seven ChatGPT vulnerabilities that let attackers drive prompt injection, phishing redirects, and memories/chat history exfiltration through SearchGPT and url_safe, creating direct data-theft risk in chatbot workflows.
Related Happenings
ChatGPT single-prompt DNS side-channel exfiltration remote code execution flaw
Vulnerability
First: 31.03.2026 16:01
Last: 31.03.2026 16:01
Sources 1
About this happening:
A **ChatGPT** vulnerability let a **single malicious prompt** covertly exfiltrate prompts, messages, uploaded files, and other sensitive content through a **DNS side channel**. Th...
ChatGPT single-prompt DNS side-channel exfiltration remote code execution flaw
VulnerabilityAbout this happening: A **ChatGPT** vulnerability let a **single malicious prompt** covertly exfiltrate prompts, messages, uploaded files, and other sensitive content through a **DNS side channel**. Th...
OpenAI ChatGPT security update for prompt exfiltration flaw
Security Patch Release
First: 31.03.2026 16:01
Last: 31.03.2026 16:01
Sources 1
About this happening:
OpenAI deployed a **security update** for **ChatGPT** on **February 20**, closing a flaw that could let a **single malicious prompt** covertly exfiltrate **prompts, messages, uplo...
OpenAI ChatGPT security update for prompt exfiltration flaw
Security Patch ReleaseAbout this happening: OpenAI deployed a **security update** for **ChatGPT** on **February 20**, closing a flaw that could let a **single malicious prompt** covertly exfiltrate **prompts, messages, uplo...
ChatGPT Mods token-stealing browser-extension campaign
Campaign
First: 30.01.2026 15:42
Last: 30.01.2026 15:42
Sources 1
About this happening:
The **ChatGPT Mods** campaign used **16 browser extensions** to inject a **content script** into **chatgpt[.]com**, stealing authentication tokens that could let operators imperso...
ChatGPT Mods token-stealing browser-extension campaign
CampaignAbout this happening: The **ChatGPT Mods** campaign used **16 browser extensions** to inject a **content script** into **chatgpt[.]com**, stealing authentication tokens that could let operators imperso...
Malicious Chrome extensions hijack affiliate links and steal ChatGPT tokens
Malware Activity
First: 30.01.2026 15:42
Last: 30.01.2026 15:42
Sources 1
About this happening:
A cluster of **malicious Google Chrome extensions** is being used to **hijack affiliate links**, **scrape product data**, and steal **OpenAI ChatGPT authentication tokens**, creat...
Malicious Chrome extensions hijack affiliate links and steal ChatGPT tokens
Malware ActivityAbout this happening: A cluster of **malicious Google Chrome extensions** is being used to **hijack affiliate links**, **scrape product data**, and steal **OpenAI ChatGPT authentication tokens**, creat...
ChatGPT prompt-injection URL-modification bypass ZombieAgent security flaw
Vulnerability
First: 08.01.2026 18:45
Last: 08.01.2026 18:45
Sources 1
About this happening:
**ZombieAgent** is a newly identified **prompt-injection vulnerability** in **ChatGPT** that could leak sensitive data from connected services such as **Gmail, Outlook, Google Dri...
ChatGPT prompt-injection URL-modification bypass ZombieAgent security flaw
VulnerabilityAbout this happening: **ZombieAgent** is a newly identified **prompt-injection vulnerability** in **ChatGPT** that could leak sensitive data from connected services such as **Gmail, Outlook, Google Dri...
Timeline
-
06.11.2025 17:49 2 articles · 6mo ago
Tenable discloses seven ChatGPT prompt-injection and url_safe bypass paths
Technical Analysis UpdateTenable researchers disclosed seven ChatGPT vulnerabilities and attack techniques affecting the bio feature, SearchGPT/open_url browsing, and the url_safe check. The findings describe prompt injection through webpage content and comments, execution of crafted chatgpt.com/?q={prompt} links, Bing intermediary URLs that bypass url_safe, conversation injection back into ChatGPT, and code-block hiding to conceal malicious output, with claimed risks including data theft, phishing redirects, and exfiltration of memories and chat history. OpenAI was informed, some issues were patched, and some methods still worked against the latest GPT-5 model.
Show sources
- Researchers Hack ChatGPT Memories and Web Search Features — www.securityweek.com — 06.11.2025 17:49
- Researchers Hack ChatGPT Memories and Web Search Features — www.securityweek.com — 06.11.2025 17:49