Tech Unplugged

ChatGPT Account Takeover: Wildcard Cache Deception



A security researcher at Harel Security Research discovered a vulnerability allowing for ChatGPT account takeover. This was achieved through a "wildcard" web cache deception. The researcher found that a broad caching rule for the /share/ path, combined with a difference in how Cloudflare's CDN and OpenAI's web server parsed URL-encoded path traversals, led to the flaw. By crafting a specific URL, an attacker could cache sensitive API endpoints containing user authentication tokens. When a victim clicked this manipulated link, their token would be stored in the cache. Subsequently, the attacker could retrieve this cached token, gaining unauthorized access to the victim's ChatGPT account. This vulnerability, a variation of a previously patched issue, highlights the dangers of inconsistent URL parsing between different server components and earned the researcher a significant bug bounty.
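The parsing mismatch described above can be audited for defensively. The following is an added example, not code from the episode or the researcher: it models a CDN that matches the /share/ cache rule on the raw path and an origin that percent-decodes and resolves dot segments, then flags request paths on which the two disagree. Both parser behaviours, the function names and the sample paths (including `/api/private/token`) are constructed assumptions.

```python
import posixpath
from urllib.parse import unquote

CACHE_PREFIX = "/share/"  # the broad caching rule from the description

def origin_view(raw_path: str) -> str:
    """Assumed origin behaviour: percent-decode, then resolve dot segments."""
    return posixpath.normpath(unquote(raw_path))

def under_prefix(path: str) -> bool:
    # Append "/" so "/share" itself matches but "/shared" does not.
    return (path + "/").startswith(CACHE_PREFIX)

def cdn_caches(raw_path: str) -> bool:
    """Assumed CDN behaviour: prefix match on the raw, undecoded path."""
    return under_prefix(raw_path)

def hardened_caches(raw_path: str) -> bool:
    """One possible fix: cache only if the resolved path also stays under the prefix."""
    return cdn_caches(raw_path) and under_prefix(origin_view(raw_path))

def audit(raw_paths):
    """Return paths the CDN would cache although the origin serves something else."""
    findings = []
    for raw in raw_paths:
        served = origin_view(raw)
        if cdn_caches(raw) and not under_prefix(served):
            findings.append((raw, served))
    return findings

# Constructed request paths, standing in for lines from a CDN access log.
SAMPLE_PATHS = [
    "/share/abc123",
    "/share/a%2Fb",
    "/share/..%2Fapi/private/token",
    "/api/private/token",
    "/shared/abc",
]

if __name__ == "__main__":
    for raw, served in audit(SAMPLE_PATHS):
        print(f"MISMATCH cached-as={raw!r} origin-serves={served!r}")
```

Independently of the cache rule, responses that carry tokens should be sent with `Cache-Control: no-store` so that a path mismatch alone cannot cause them to be cached.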


By Sublimetechie