CVE-2026-55880
HIGH
7.1
CVSS 3.1
Description
OpenReplay is a self-hosted session replay suite. In 1.27.0 and earlier, three dashboard and note mutation functions ran their SQL without the ownership predicate that their sibling read and edit functions use: notes.delete filtered only on note id and project id, while dashboards.update_widget and dashboards.remove_widget filtered only on dashboard id and widget id, allowing any authenticated member to delete another user's private session notes and remove or rewrite widgets on another user's private dashboards.
Metadata
Severity & Metrics
7.1
HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| openreplay | openreplay | — | <= 1.27.0 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-639 | cna | CWE-639: Authorization Bypass Through User-Controlled Key |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 7.1 | HIGH | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L |
References (1)
- https://github.com/openreplay/openreplay/security/advisories/GHSA-9xfv-p2fx-vmx9 https://github.com/openreplay/openreplay/security/advisories/GHSA-9xfv-p2fx-vmx9