Auth bypass in Openreplay
CVE-2026-55881
OpenReplay is a self-hosted session replay suite. From 1.22.0 before 1.27.0, getFirstMob returned 15-second presigned S3 download URLs for a session's DOM-replay recording based solely on the session path parameter, while validateProjectAc…
Vulnerability class: IDOR (Insecure Direct Object Reference)
Affected products
- Openreplay — versions >= 1.22.0, < 1.27.0
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_CONFIRM)