Description
Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. Self-hosted users are only at risk if the following criteria is met: ore than one organizations are configured (SENTRY_SINGLE_ORGANIZATION = True), or malicious user has existing access and permissions to modify SSO settings for another organization in a multo-organization instance. This issue has been fixed in version 26.2.0. To workaround this issue, implement user account-based two-factor authentication to prevent an attacker from being able to complete authentication with a victim's user account. Organization administrators cannot do this on a user's behalf, this requires individual users to ensure 2FA has been enabled for their account.
Published: 2026-02-21
Score: 9.1 Critical
EPSS: < 1% Very Low
KEV: No
Impact: User Account Takeover via SAML Manipulation
Action: Patch Immediately
AI Analysis

Impact

Sentry versions 21.12.0 through 26.1.0 contain a flaw in the SAML Single Sign-On process that allows an attacker to link a malicious SAML Identity Provider to a different organization on the same Sentry instance. By doing so, the attacker can authenticate as any user within that organization without knowing the user’s credentials. This results in full compromise of the user account, granting the attacker the same permissions as the legitimate user, including data access, modification, and potential administrative actions.

Affected Systems

Only self‑hosted Sentry deployments are impacted, and the vulnerability is actionable when either more than one organization is configured or when an attacker has privileges to change SSO settings for another organization in a multi‑organization instance. All affected deployments running any of the versions from 21.12.0 to 26.1.0 are at risk under those conditions.

Risk and Exploitability

The CVSS score of 9.1 indicates a critical level of severity, yet the EPSS score of less than 1% suggests a currently low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation is possible remotely; an attacker only needs to craft a forged SAML assertion and initiate the SSO flow against the vulnerable Sentry instance. If successful, the attacker gains full account takeover, potentially leading to uncontrolled access to the organization’s data and resources.

Generated by OpenCVE AI on April 18, 2026 at 11:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Sentry 26.2.0 or later to apply the vendor‑fixed patch.
  • Enable two‑factor authentication for all user accounts; this prevents an attacker from completing authentication even if a malicious SAML IdP is used.
  • Restrict SAML Identity Provider configurations to trusted providers only and audit SSO settings to ensure only authorized administrators can modify them.

Generated by OpenCVE AI on April 18, 2026 at 11:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-ggmg-cqg6-j45g Sentry: Improper authentication on SAML SSO process allows user identity linking
History

Wed, 25 Feb 2026 09:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 23 Feb 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Sentry
Sentry sentry
CPEs cpe:2.3:a:sentry:sentry:*:*:*:*:*:*:*:*
Vendors & Products Sentry
Sentry sentry

Mon, 23 Feb 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Getsentry
Getsentry sentry
Vendors & Products Getsentry
Getsentry sentry

Sat, 21 Feb 2026 05:00:00 +0000

Type Values Removed Values Added
Description Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. Self-hosted users are only at risk if the following criteria is met: ore than one organizations are configured (SENTRY_SINGLE_ORGANIZATION = True), or malicious user has existing access and permissions to modify SSO settings for another organization in a multo-organization instance. This issue has been fixed in version 26.2.0. To workaround this issue, implement user account-based two-factor authentication to prevent an attacker from being able to complete authentication with a victim's user account. Organization administrators cannot do this on a user's behalf, this requires individual users to ensure 2FA has been enabled for their account.
Title Sentry: Improper Authentication on SAML SSO process allows user identity linking
Weaknesses CWE-287
References
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

Subscriptions

Getsentry Sentry
Sentry Sentry
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-24T19:00:07.663Z

Reserved: 2026-02-18T19:47:02.154Z

Link: CVE-2026-27197

cve-icon Vulnrichment

Updated: 2026-02-24T18:59:56.472Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-21T05:17:29.510

Modified: 2026-02-23T20:45:01.957

Link: CVE-2026-27197

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T11:30:44Z

Weaknesses