Critical (9.1)

CVE-2026-27197: Sentry

Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to ta...

Overview

A critical security vulnerability exists in the SAML Single Sign-On (SSO) implementation of self-hosted Sentry, an error tracking and performance monitoring platform. This flaw could allow an attacker to completely take over any user account on the system.

Vulnerability Details

In affected versions (21.12.0 through 26.1.0), a flaw in the SAML authentication process could be exploited by an attacker who controls a malicious SAML Identity Provider (IdP). By linking this malicious IdP to one organization on the Sentry instance, the attacker could then impersonate any user from any other organization on that same instance during the login process.
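The design property at stake is whether an assertion from one organization's IdP can resolve to a user account that was never provisioned under that IdP. The following is an added illustrative model, not Sentry's code: it contrasts a lookup that matches the asserted NameID against every user on the instance with one that only accepts identities bound to the provider that produced the assertion. All provider, organization and user names are constructed.

```python
# Added example: a toy model of SAML identity resolution, not Sentry's code.
# All provider, identity and user names are constructed for illustration.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AuthProvider:
    provider_id: str   # the IdP configured for one organization
    organization: str  # the organization that linked it


@dataclass(frozen=True)
class Identity:
    provider_id: str   # the provider this identity was provisioned under
    name_id: str       # NameID (here an email) the IdP asserts
    user: str          # local user account the identity maps to


# Constructed sample data: two organizations on one multi-org instance,
# each with its own IdP and one user.
PROVIDER_A = AuthProvider("idp-org-a", "org-a")
PROVIDER_B = AuthProvider("idp-org-b", "org-b")
IDENTITIES = [
    Identity("idp-org-a", "alice@org-a.example", "alice"),
    Identity("idp-org-b", "bob@org-b.example", "bob"),
]
USERS_BY_EMAIL = {ident.name_id: ident.user for ident in IDENTITIES}


def resolve_user_weak(provider: AuthProvider, asserted_name_id: str) -> Optional[str]:
    """Weak pattern: the asserted NameID is matched against every user on the
    instance, so the provider that produced the assertion never limits which
    account is returned. Whatever organization's IdP made the assertion, any
    user with that NameID is logged in."""
    return USERS_BY_EMAIL.get(asserted_name_id)


def resolve_user_hardened(provider: AuthProvider, asserted_name_id: str) -> Optional[str]:
    """Hardened pattern: an assertion only resolves to an identity provisioned
    under the same provider (and therefore the same organization) that produced
    it. An assertion from org A's IdP about an org B user resolves to nothing."""
    for ident in IDENTITIES:
        if ident.provider_id == provider.provider_id and ident.name_id == asserted_name_id:
            return ident.user
    return None


def demo() -> dict:
    """Outcome of the cross-organization case under both patterns."""
    # NameID asserted by org A's IdP for a user who only exists in org B.
    cross_org_name_id = "bob@org-b.example"
    return {
        "weak": resolve_user_weak(PROVIDER_A, cross_org_name_id),
        "hardened": resolve_user_hardened(PROVIDER_A, cross_org_name_id),
        "hardened_legit": resolve_user_hardened(PROVIDER_A, "alice@org-a.example"),
    }


if __name__ == "__main__":
    print(demo())
```

The hardened lookup is the property a reviewer should look for in any multi-tenant SSO integration: the trust boundary is the provider, so the provider must be part of the key used to find the account, not just the asserted identifier.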

Important Scope: Your self-hosted Sentry instance is only vulnerable if it is configured with multiple organizations (i.e., SENTRY_SINGLE_ORGANIZATION = False). An attacker would also need existing access and permissions to configure SSO settings for at least one organization to initiate this attack.
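A quick way to triage a fleet of self-hosted instances is to combine the two conditions above: the running version and the SENTRY_SINGLE_ORGANIZATION setting. The script below is an added example written for this advisory, not Sentry's own tooling. The version bounds and the setting name come from the advisory; the sentry.conf.py snippets are constructed samples, and a setting that is computed at runtime (for example from an environment variable) is reported as unknown rather than guessed.

```python
# Added example: an in-scope check for a self-hosted Sentry deployment, written
# for this advisory rather than taken from Sentry. The affected range, the fixed
# version and the SENTRY_SINGLE_ORGANIZATION setting come from the advisory; the
# sentry.conf.py snippets below are constructed samples.
import ast
import re
from typing import Optional

AFFECTED_MIN = (21, 12, 0)   # first affected version named in the advisory
FIXED = (26, 2, 0)           # first version carrying the fix


def parse_version(text: str) -> tuple:
    """Turn '26.1.0' (or 'v26.1') into a comparable (major, minor, patch) tuple."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def single_organization(conf_text: str) -> Optional[bool]:
    """Read SENTRY_SINGLE_ORGANIZATION from sentry.conf.py source text.

    Returns True/False when the last assignment found is a literal boolean, and
    None when the setting is absent or computed (e.g. env(...)); in that case
    the effective value must be confirmed on the running instance."""
    value: Optional[bool] = None
    for node in ast.walk(ast.parse(conf_text)):
        if not isinstance(node, ast.Assign):
            continue
        for target in node.targets:
            if isinstance(target, ast.Name) and target.id == "SENTRY_SINGLE_ORGANIZATION":
                v = node.value
                value = v.value if isinstance(v, ast.Constant) and isinstance(v.value, bool) else None
    return value


def assess(version: str, conf_text: str) -> dict:
    """Combine the version condition with the multi-organization condition.

    The advisory names 21.12.0 through 26.1.0 as affected and 26.2.0 as fixed;
    this check treats every version from 21.12.0 up to (but excluding) 26.2.0
    as affected so that any patch release below the fix is not missed."""
    v = parse_version(version)
    single = single_organization(conf_text)
    result = {"version": v, "version_affected": AFFECTED_MIN <= v < FIXED, "single_org": single}
    if v >= FIXED:
        result["verdict"] = "patched"
    elif not result["version_affected"]:
        result["verdict"] = "outside the affected range stated in the advisory"
    elif single is True:
        result["verdict"] = "not in scope: SENTRY_SINGLE_ORGANIZATION is True"
    elif single is False:
        result["verdict"] = "VULNERABLE: upgrade to 26.2.0 or later; enforce 2FA until then"
    else:
        result["verdict"] = "version affected; confirm the effective SENTRY_SINGLE_ORGANIZATION value"
    return result


# Constructed sample configurations (not taken from any real deployment).
CONF_MULTI_ORG = "from sentry.conf.server import *\nSENTRY_SINGLE_ORGANIZATION = False\n"
CONF_SINGLE_ORG = "from sentry.conf.server import *\nSENTRY_SINGLE_ORGANIZATION = True\n"
CONF_FROM_ENV = (
    "from sentry.conf.server import *\n"
    "SENTRY_SINGLE_ORGANIZATION = env('SENTRY_SINGLE_ORGANIZATION', False)\n"
)

if __name__ == "__main__":
    for version, conf in [("25.3.0", CONF_MULTI_ORG), ("25.3.0", CONF_SINGLE_ORG),
                          ("26.2.0", CONF_MULTI_ORG), ("25.3.0", CONF_FROM_ENV)]:
        print(version, assess(version, conf)["verdict"])
```

Run it against each instance's reported version and its sentry.conf.py; an "unknown" result is a prompt to read the setting from the live process rather than a reason to deprioritise the host.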

Potential Impact

The impact of this vulnerability is severe (CVSS Score: 9.1 - CRITICAL). A successful attack results in the full compromise of a victim’s user account. The attacker gains all the permissions and access rights associated with that account, which could include:

  • Viewing sensitive application error and performance data.
  • Modifying project settings or configurations.
  • Potentially accessing integrated systems or secrets, depending on the user’s role.

Remediation and Mitigation

Immediate action is required to secure affected systems.

Primary Fix: The definitive solution is to upgrade your self-hosted Sentry installation to version 26.2.0 or later. This version contains the patch that resolves the vulnerability.

Immediate Workaround: If you cannot upgrade immediately, enforce user account-based Two-Factor Authentication (2FA). This adds a critical second layer of security that prevents an attacker from completing a login even if they compromise the primary SAML authentication step.

  • Crucial Note: Organization administrators cannot enable 2FA for their users. Each individual user must log in and enable 2FA for their own account. IT and security teams should communicate this requirement urgently to all users.

Summary

Organizations running multi-tenant, self-hosted Sentry instances must prioritize patching this critical account takeover vulnerability. Upgrade to Sentry 26.2.0+ as soon as possible. As a temporary but essential protective measure, mandate that all users enable 2FA on their accounts to significantly reduce the risk of exploitation.
