diff --git a/CHANGELOG.md b/CHANGELOG.md
index 37aa48688..7db64baf7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@
 
 ### Fixed
 
+- api: fix infinite loop in function string_replace when the search string is empty
 - irc: limit size of data received from the server to prevent memory exhaustion
 - relay: limit size of received websocket frame and HTTP body to prevent memory exhaustion
 - relay: fix timing attack on password authentication ([GHSA-vhv8-g2r9-cwcc](https://github.com/weechat/weechat/security/advisories/GHSA-vhv8-g2r9-cwcc))
diff --git a/src/core/core-string.c b/src/core/core-string.c
index 82b1b061d..8bfabaef9 100644
--- a/src/core/core-string.c
+++ b/src/core/core-string.c
@@ -1959,6 +1959,9 @@ string_replace (const char *string, const char *search, const char *replace)
     if (!string || !search || !replace)
         return NULL;
 
+    if (!search[0])
+        return strdup (string);
+
     length1 = strlen (search);
     length2 = strlen (replace);
 
diff --git a/tests/unit/core/test-core-string.cpp b/tests/unit/core/test-core-string.cpp
index e8ef085c2..3814dd02b 100644
--- a/tests/unit/core/test-core-string.cpp
+++ b/tests/unit/core/test-core-string.cpp
@@ -1452,6 +1452,8 @@ TEST(CoreString, Replace)
     WEE_TEST_STR(NULL, string_replace ("string", NULL, "replace"));
     WEE_TEST_STR(NULL, string_replace (NULL, "search", "replace"));
 
+    WEE_TEST_STR("test abc def", string_replace("test abc def", "", "xxx"));
+
     WEE_TEST_STR("test abc def", string_replace("test abc def", "xyz", "xxx"));
     WEE_TEST_STR("test xxx def", string_replace("test abc def", "abc", "xxx"));
     WEE_TEST_STR("xxx test xxx def xxx",