Session Replay Vulnerability in OpenReplay Affects Multiple Versions
CVE-2026-55881
7.1HIGH
What is CVE-2026-55881?
OpenReplay is a self-hosted session replay suite that had a flaw in versions 1.22.0 through 1.26.0, where the getFirstMob function erroneously generated presigned S3 download URLs for the first 15 seconds of session replay recordings based solely on the session path parameter. The validateProjectAccess method did not sufficiently verify that the session corresponded with the project to which it belonged. This allowed authenticated users with low privileges to access session replay recordings from other tenants, exposing sensitive data.
Affected Version(s)
openreplay >= 1.22.0, < 1.27.0
