PatchSiren cyber security CVE debrief
CVE-2026-55879 openreplay CVE debrief
CVE-2026-55879 is a critical vulnerability in OpenReplay's self-hosted session replay suite. From version 1.24.0 to before 1.25.0, the OpenReplay tracking SDK accepts custom event names and captured page URLs from any visitor using a public project key. These are stored in ClickHouse without output encoding and later rendered in the authenticated dashboard. This allows an unauthenticated attacker to store script that executes in the dashboard origin, reads the session JWT from localStorage, and takes over a dashboard account. The issue is fixed in version 1.25.0.
- Vendor
- openreplay
- Product
- Unknown
- CVSS
- CRITICAL 9.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-10
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-10
- Advisory updated
- 2026-07-10
Who should care
Organizations using OpenReplay's self-hosted session replay suite, particularly those with version 1.24.0 or earlier, should be aware of this critical vulnerability. Successful exploitation could lead to unauthorized access to dashboard accounts.
Technical summary
The OpenReplay tracking SDK, used in versions 1.24.0 to before 1.25.0, does not properly encode custom event names and captured page URLs. These are stored in ClickHouse and later rendered in the authenticated dashboard without proper encoding. An unauthenticated attacker can exploit this by storing malicious scripts that execute in the dashboard context, allowing for JWT theft and dashboard account takeover.
Defensive priority
High priority should be given to updating OpenReplay to version 1.25.0 or later. In the meantime, organizations should monitor their OpenReplay instances for suspicious activity and consider implementing additional security measures to protect against potential exploitation.
Recommended defensive actions
- Update OpenReplay to version 1.25.0 or later
- Monitor OpenReplay instances for suspicious activity
- Implement additional security measures to protect against potential exploitation
- Review and update security configurations for OpenReplay
- Conduct regular security audits and vulnerability assessments
Evidence notes
The CVE record was published on 2026-07-10T21:16:57.367Z and has not been modified since then. The NVD entry is currently 9.3 CRITICAL. Limited information is available about the specific details of the vulnerability and its exploitation.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T21:16:57.367Z and has not been modified since then.