Session Replay Suite Vulnerability in OpenReplay by OpenReplay
CVE-2026-57230
5.4MEDIUM
What is CVE-2026-57230?
OpenReplay, a self-hosted session replay suite, contains a vulnerability in its session search and analytics API. Prior to version 1.27.0, the API allowed the insertion of unescaped user input into ClickHouse queries, posing serious data security risks. This flaw enables an authenticated user to execute blind boolean and time-based exfiltration attacks on any ClickHouse table. Consequently, it disrupts session search functionality across the platform until a stored key is properly removed. This vulnerability has been addressed in version 1.27.0.
Affected Version(s)
openreplay < 1.27.0
