What kind of data could have been leaked due to this vulnerability?

Sensitive user data, AI-generated summaries and conclusions, and specific content within conversations could have been leaked to external servers.

Why was this vulnerability able to bypass existing security measures?

Direct internet access was blocked, but DNS name resolution was available. DNS traffic was not classified as data sharing, allowing it to be exploited as a covert exfiltration mechanism.

When did OpenAI fix this vulnerability?

Following a report from Check Point Research, OpenAI confirmed that the fix was fully deployed on February 20, 2026.

AI News NQ Analysis

Check Point Research Discovers Covert Outbound Channel in ChatGPT's Code Execution Environment

NQ Score 50/100

AI Summary (NQ-processed)

Check Point Research (CPR) discovered a vulnerability in ChatGPT's code execution runtime environment, demonstrating potential data exfiltration via DNS tunneling and remote shell establishment. OpenAI confirmed the fix was fully deployed on February 20, 2026.

AI analysis data is not yet available.

Frequently Asked Questions

Q: What kind of data could have been leaked due to this vulnerability?: A: Sensitive user data, AI-generated summaries and conclusions, and specific content within conversations could have been leaked to external servers.
Q: Why was this vulnerability able to bypass existing security measures?: A: Direct internet access was blocked, but DNS name resolution was available. DNS traffic was not classified as data sharing, allowing it to be exploited as a covert exfiltration mechanism.
Q: When did OpenAI fix this vulnerability?: A: Following a report from Check Point Research, OpenAI confirmed that the fix was fully deployed on February 20, 2026.