CVE-2026-28443

Vulnerability Description

OpenReplay is a self-hosted session replay suite. Prior to version 1.20.0, the POST /{projectId}/cards/search endpoint has a SQL injection in the sort.field parameter. This issue has been patched in version 1.20.0.

Vulnerability Details

Published Date

March 05, 2026

Last Modified

March 09, 2026

CWE ID

CWE-89

Source

NVD

Vendor

openreplay

Product

openreplay

External References

https://github.com/openreplay/openreplay/security/advisories/GHSA-q6gf-3qg3-pww5

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment