Platform: python
Component: sentry
Fixed in: 21.12.1
CVE-2026-27197 is an account takeover vulnerability in Sentry's SAML Single Sign-On (SSO) implementation. An attacker who controls a SAML Identity Provider (IdP) can, on a Sentry instance configured with multiple organizations, take over the accounts of other users. Sentry versions from 21.12.0 up to, but not including, 26.2.0 are affected; the fix ships in 26.2.0.
The impact is severe. The attacker crafts a SAML response from an IdP they control or have compromised that asserts the victim's email address; knowing that address is the only prerequisite. A successful takeover gives the attacker the victim's access to projects, source context and other confidential data stored in Sentry, and a foothold from which to move laterally into the systems and integrations connected to it.
The vulnerability was discovered and reported through Sentry's private bug bounty program, and details were published on 2026-02-21. It is rated high severity because it results in account takeover. No public proof of concept (PoC) has been released at the time of writing, but since exploitation requires only a controlled SAML IdP and the victim's email address, the probability of exploitation is assessed as medium. It is not currently listed on CISA KEV.
Exploit Status
EPSS: 0.05% (17th percentile)
The primary mitigation for CVE-2026-27197 is to upgrade Sentry to version 26.2.0 or later. If an immediate upgrade is not feasible, temporarily disable SAML SSO where it is not essential. If the instance hosts multiple organizations (SENTRY_SINGLE_ORGANIZATION = False), review each organization's SAML Identity Provider configuration and treat any provider you do not recognize as suspect. Monitor Sentry logs for unusual SAML authentication attempts; a precise WAF rule is hard to write for this flaw, but alerting on unexpected SAML request patterns gives early warning. After upgrading, confirm the fix by checking the installed version and performing a SAML login with a test user to verify the flow still works.
Update Sentry to version 26.2.0 or later. As an alternative interim control, the advisory suggests requiring two-factor authentication on user accounts, so that an attacker who completes SAML authentication as the victim still cannot finish the login.
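To turn the affected range and the multi-organization condition above into a repeatable check, the following script is an added example (not Sentry's code and not part of the advisory). It reads a requirements.txt-style pin for the sentry package and a sentry.conf.py-style setting for SENTRY_SINGLE_ORGANIZATION, reporting whether the deployment is on a vulnerable version and whether the multi-organization precondition holds. The sample inputs are constructed; treating an absent SENTRY_SINGLE_ORGANIZATION as False (the upstream default) is an assumption, as is the requirements.txt layout.

```python
import re
from typing import Dict, Optional, Tuple

# Affected range from the advisory: 21.12.0 <= version < 26.2.0 (fixed in 26.2.0).
AFFECTED_MIN: Tuple[int, int, int] = (21, 12, 0)
FIXED_IN: Tuple[int, int, int] = (26, 2, 0)

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")
# Matches 'sentry==X.Y.Z' (optionally with extras), but not 'sentry-sdk==...'.
_PIN_RE = re.compile(r"^sentry(\[[^\]]*\])?\s*==\s*([0-9][^\s;]*)", re.IGNORECASE)
_SINGLE_ORG_RE = re.compile(r"^\s*SENTRY_SINGLE_ORGANIZATION\s*=\s*(True|False)", re.MULTILINE)


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) for a Sentry CalVer string, or None if unparseable."""
    m = _VERSION_RE.match(text)
    return tuple(int(x) for x in m.groups()) if m else None  # type: ignore[return-value]


def version_affected(version: str) -> bool:
    """True if the version lies inside the advisory's affected range."""
    v = parse_version(version)
    if v is None:
        raise ValueError(f"unparseable Sentry version: {version!r}")
    return AFFECTED_MIN <= v < FIXED_IN


def pinned_sentry_version(requirements_text: str) -> Optional[str]:
    """Find the exact pin for the 'sentry' distribution; comments and other packages are ignored."""
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = _PIN_RE.match(line)
        if m:
            return m.group(2)
    return None


def single_organization(conf_text: str) -> bool:
    """Read SENTRY_SINGLE_ORGANIZATION from a sentry.conf.py snippet (assumed default: False)."""
    m = _SINGLE_ORG_RE.search(conf_text)
    return m.group(1) == "True" if m else False


def assess(requirements_text: str, conf_text: str) -> Dict[str, object]:
    """Combine version and configuration into the advisory's two preconditions."""
    version = pinned_sentry_version(requirements_text)
    if version is None:
        return {"version": None, "vulnerable_version": False, "multi_org": None,
                "exposed": False, "note": "no sentry== pin found; check the running version directly"}
    vulnerable = version_affected(version)
    multi_org = not single_organization(conf_text)
    if not vulnerable:
        note = "version outside affected range"
    elif multi_org:
        note = "vulnerable version with multiple organizations enabled: upgrade to 26.2.0 or later"
    else:
        note = "vulnerable version but SENTRY_SINGLE_ORGANIZATION = True; still upgrade"
    return {"version": version, "vulnerable_version": vulnerable, "multi_org": multi_org,
            "exposed": vulnerable and multi_org, "note": note}


# Constructed sample inputs (not taken from any real deployment).
SAMPLE_REQUIREMENTS = """\
# self-hosted pins
sentry-sdk==2.5.0
sentry==25.4.0  # web/worker image
django==5.0
"""
SAMPLE_CONF = """\
SENTRY_SINGLE_ORGANIZATION = False
SENTRY_FEATURES["organizations:sso-saml2"] = True
"""

if __name__ == "__main__":
    for key, value in assess(SAMPLE_REQUIREMENTS, SAMPLE_CONF).items():
        print(f"{key}: {value}")
```

Run it against your own requirements file and sentry.conf.py; an "exposed" result means both preconditions from the advisory hold and the upgrade (or disabling SAML SSO) should not wait.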
CVE-2026-27197 is an account takeover vulnerability in Sentry's SAML SSO implementation: an attacker with a malicious Identity Provider can take over user accounts on instances where multiple organizations are configured. It impacts versions 21.12.0 through 26.1.9.
You are affected if you run Sentry 21.12.0 through 26.1.9 with SAML SSO enabled and multiple organizations configured (SENTRY_SINGLE_ORGANIZATION = False).
Upgrade Sentry to version 26.2.0 or later to resolve this vulnerability. If an immediate upgrade is not possible, temporarily disable SAML SSO.
No public exploit is currently known, but the vulnerability is easy enough to exploit that active exploitation should be anticipated.
Refer to the official Sentry security advisory for detailed information and updates: [https://www.sentry.io/security/advisories/CVE-2026-27197/](https://www.sentry.io/security/advisories/CVE-2026-27197/)