PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-55879 openreplay CVE debrief

CVE-2026-55879 is a critical vulnerability in OpenReplay's self-hosted session replay suite. From version 1.24.0 to before 1.25.0, the OpenReplay tracking SDK accepts custom event names and captured page URLs from any visitor using a public project key. These are stored in ClickHouse without output encoding and later rendered in the authenticated dashboard. This allows an unauthenticated attacker to store script that executes in the dashboard origin, reads the session JWT from localStorage, and takes over a dashboard account. The issue is fixed in version 1.25.0.

Vendor
openreplay
Product
Unknown
CVSS
CRITICAL 9.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-10
Original CVE updated
2026-07-10
Advisory published
2026-07-10
Advisory updated
2026-07-10

Who should care

Organizations using OpenReplay's self-hosted session replay suite, particularly those with version 1.24.0 or earlier, should be aware of this critical vulnerability. Successful exploitation could lead to unauthorized access to dashboard accounts.

Technical summary

The OpenReplay tracking SDK, used in versions 1.24.0 to before 1.25.0, does not properly encode custom event names and captured page URLs. These are stored in ClickHouse and later rendered in the authenticated dashboard without proper encoding. An unauthenticated attacker can exploit this by storing malicious scripts that execute in the dashboard context, allowing for JWT theft and dashboard account takeover.

Defensive priority

High priority should be given to updating OpenReplay to version 1.25.0 or later. In the meantime, organizations should monitor their OpenReplay instances for suspicious activity and consider implementing additional security measures to protect against potential exploitation.

Recommended defensive actions

  • Update OpenReplay to version 1.25.0 or later
  • Monitor OpenReplay instances for suspicious activity
  • Implement additional security measures to protect against potential exploitation
  • Review and update security configurations for OpenReplay
  • Conduct regular security audits and vulnerability assessments

Evidence notes

The CVE record was published on 2026-07-10T21:16:57.367Z and has not been modified since then. The NVD entry is currently 9.3 CRITICAL. Limited information is available about the specific details of the vulnerability and its exploitation.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T21:16:57.367Z and has not been modified since then.