OpenReplay session replay suite has a SQL injection flaw in search endpoint
CVE-2026-28443
Summary
OpenReplay, a self-hosted tool for replaying user sessions, had a security weakness in its search function. This weakness could allow an attacker to access sensitive data. Update to the latest version (1.20.0 or higher) to fix the issue.
Original title
OpenReplay is a self-hosted session replay suite. Prior to version 1.20.0, the POST /{projectId}/cards/search endpoint has a SQL injection in the sort.field parameter. This issue has been patched i...
Original description
OpenReplay is a self-hosted session replay suite. Prior to version 1.20.0, the POST /{projectId}/cards/search endpoint has a SQL injection in the sort.field parameter. This issue has been patched in version 1.20.0.
NVD CVSS 4.0
6.9
Vulnerability type
CWE-89
SQL Injection
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026