Researcher reveals ChatGPT cloud exposure flaw.

A security engineer uncovered a vulnerability in ChatGPT’s custom GPT Actions that allowed server-side request forgery attacks. By exploiting weak URL validation, the flaw could query Azure’s Instance Metadata Service and potentially expose access tokens tied to OpenAI’s cloud infrastructure. OpenAI rated the issue as high severity and patched it quickly after disclosure through its bug bounty program. Experts warn the case shows how minor validation gaps can escalate into serious cloud-level risks.

Read more:

https://www.securityweek.com/chatgpt-vulnerability-exposed-underlying-cloud-infrastructure/