CVE-2026-28443

CVSS v3.1

9.8

Critical

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OpenReplay versions prior to 1.20.0

Description OpenReplay is a self-hosted session replay suite. The /projectId}/cards/search API endpoint is susceptible to SQL injection due to a flaw in the sort.field parameter. This allows for potential unauthorized database access or modification.

Recommendations Update to version 1.20.0 or later.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2026-28443

GHSA-Q6GF-3QG3-PWW5

Affected Products

Openreplay

CVE-2026-28443

Weakness Enumeration

Related Identifiers

Affected Products

References · 7