Platform: python
Component: sentry
Fixed version: 21.12.1
CVE-2026-27197 is a critical vulnerability affecting Sentry's SAML Single Sign-On (SSO) implementation. This flaw allows an attacker to potentially take over user accounts by leveraging a malicious SAML Identity Provider and exploiting the configuration of multiple organizations within a Sentry instance. The vulnerability impacts Sentry versions 21.12.0 up to, but not including, 26.2.0, and a fix is available in version 26.2.0.
The impact of CVE-2026-27197 is severe. An attacker can exploit this vulnerability to gain unauthorized access to user accounts within a Sentry instance. This is achieved by crafting a malicious SAML response from a compromised or controlled Identity Provider. The attacker must know the victim's email address to successfully exploit the vulnerability. Successful exploitation could lead to unauthorized access to sensitive project data, source code, and other confidential information stored within Sentry. The ability to take over user accounts significantly expands the potential blast radius of this vulnerability, allowing attackers to move laterally within an organization and potentially compromise other systems connected to Sentry.
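As an added illustration of the control that this class of flaw hinges on (example code written for this page, not Sentry's code and not a description of Sentry's actual defect or patch), the following constructed Python model contrasts resolving a SAML subject by e-mail alone with resolving it only through an identity link that is scoped to the organization and the Identity Provider that organization trusts. All names here (SamlAssertion, Organization, User, resolve_user_weak, resolve_user_strict) are hypothetical.

```python
import dataclasses

# Hypothetical data model, constructed for this example. Not Sentry's code.

@dataclasses.dataclass(frozen=True)
class SamlAssertion:
    issuer: str    # IdP entity ID taken from <saml:Issuer>
    name_id: str   # subject NameID asserted by that IdP
    email: str     # e-mail attribute carried in the assertion (attacker-controlled if the IdP is)

@dataclasses.dataclass(frozen=True)
class Organization:
    slug: str
    trusted_issuer: str   # the single IdP this organization was configured with

@dataclasses.dataclass(frozen=True)
class User:
    email: str
    # (org slug, issuer, name_id) triples that were linked while the user was already authenticated
    saml_links: frozenset

class LoginRejected(Exception):
    pass

def resolve_user_weak(assertion, org, users):
    """E-mail-only matching: any IdP able to assert the victim's e-mail address resolves to the victim."""
    for user in users:
        if user.email == assertion.email:
            return user
    raise LoginRejected("no user with that e-mail")

def resolve_user_strict(assertion, org, users):
    """Scoped matching: the assertion must come from the org's trusted IdP and the
    (org, issuer, name_id) link must already exist. The e-mail attribute never authenticates."""
    if assertion.issuer != org.trusted_issuer:
        raise LoginRejected(f"issuer {assertion.issuer!r} is not the IdP trusted by org {org.slug!r}")
    link = (org.slug, assertion.issuer, assertion.name_id)
    for user in users:
        if link in user.saml_links:
            return user
    raise LoginRejected("no linked identity; linking requires an already authenticated session")

if __name__ == "__main__":
    # Constructed scenario: the victim is linked to org "acme"; a second org "rogue"
    # on the same instance is configured with a different IdP that asserts the victim's e-mail.
    victim = User("victim@example.com",
                  frozenset({("acme", "https://idp.acme.example", "victim-123")}))
    acme = Organization("acme", "https://idp.acme.example")
    rogue = Organization("rogue", "https://idp.rogue.example")
    genuine = SamlAssertion("https://idp.acme.example", "victim-123", "victim@example.com")
    foreign = SamlAssertion("https://idp.rogue.example", "whatever", "victim@example.com")
    print("weak, foreign IdP  ->", resolve_user_weak(foreign, rogue, [victim]).email)
    print("strict, genuine IdP ->", resolve_user_strict(genuine, acme, [victim]).email)
    try:
        resolve_user_strict(foreign, rogue, [victim])
    except LoginRejected as exc:
        print("strict, foreign IdP ->", exc)
```

The point of the strict resolver is that an assertion is only ever evaluated against the one IdP the target organization trusts, and that even a matching issuer cannot mint a link to an existing account: links are created while the user is already logged in, never inferred from an attribute value.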
CVE-2026-27197 was discovered and reported through Sentry's private bug bounty program. Public details were disclosed on 2026-02-21. The vulnerability's severity is considered high due to the potential for account takeover. While no public proof-of-concept (PoC) has been released as of this writing, the ease of exploitation with a controlled SAML Identity Provider suggests a medium probability of exploitation. It is not currently listed on CISA KEV.
Organizations using Sentry for error tracking and performance monitoring, particularly those with multiple organizations configured and relying on SAML SSO for authentication, are at risk. Self-hosted Sentry deployments are especially vulnerable as they require manual upgrades. Shared hosting environments utilizing Sentry with multiple organizations should also be carefully assessed.
• python / server:
  # Check Sentry version (vulnerable range: 21.12.0 <= version < 26.2.0)
  import re
  import subprocess
  result = subprocess.run(['sentry', '--version'], capture_output=True, text=True)
  match = re.search(r'(\d+)\.(\d+)\.(\d+)', result.stdout)
  if not match:
      print('Could not determine Sentry version:', result.stderr.strip())
  else:
      version = tuple(int(part) for part in match.groups())
      if (21, 12, 0) <= version < (26, 2, 0):
          print('Sentry version is vulnerable!')
• generic web:
  # Check for SAML configuration files (example path, adjust as needed)
  find /etc/sentry/ -name 'saml.conf' -print
Exploitation status
EPSS: 0.05% (17th percentile)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2026-27197 is to upgrade Sentry to version 26.2.0 or later, which contains the fix for this vulnerability. If upgrading immediately is not feasible, consider temporarily disabling SAML SSO if it is not essential. If multiple organizations are configured (SENTRY_SINGLE_ORGANIZATION = False), carefully review the SAML Identity Provider configuration of each organization for any suspicious activity. Monitor Sentry logs for unusual SAML authentication attempts. While a direct WAF rule is difficult to implement, monitoring for unusual SAML request patterns could provide early warning signs. After upgrading, confirm the fix by attempting a SAML login with a test user and verifying that the authentication process functions as expected.
Update Sentry to version 26.2.0 or later. As an alternative, implement two-factor authentication on user accounts so that an attacker cannot complete authentication as the victim.
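To make the advice to monitor Sentry logs for unusual SAML authentication attempts concrete, here is an added detection example written for this page (not Sentry's code). The JSON log schema, field names, trusted-issuer table and the sample lines are all constructed for the example and do not reproduce Sentry's real log format; adapt the parser to whatever your deployment actually emits. It applies two checks drawn from the description above: a login whose asserting IdP is not the one configured for the organization, and one e-mail address authenticated through more than one IdP on the same instance.

```python
import json
from collections import defaultdict

# Constructed sample log lines (hypothetical schema; not Sentry's log format).
SAMPLE_LOGS = """
{"ts": "2026-02-22T09:00:01Z", "event": "saml.login", "org": "acme", "email": "alice@acme.example", "issuer": "https://idp.acme.example", "ip": "198.51.100.10"}
{"ts": "2026-02-22T09:00:05Z", "event": "saml.login", "org": "acme", "email": "bob@acme.example", "issuer": "https://idp.acme.example", "ip": "198.51.100.11"}
{"ts": "2026-02-22T09:03:20Z", "event": "saml.login", "org": "beta", "email": "alice@acme.example", "issuer": "https://idp.beta.example", "ip": "203.0.113.5"}
{"ts": "2026-02-22T09:04:00Z", "event": "saml.login", "org": "acme", "email": "carol@acme.example", "issuer": "https://idp.unknown.example", "ip": "203.0.113.9"}
{"ts": "2026-02-22T09:05:00Z", "event": "api.request", "path": "/api/0/projects/"}
"""

# Constructed inventory: the one IdP each organization on the instance is configured with.
TRUSTED_ISSUERS = {
    "acme": "https://idp.acme.example",
    "beta": "https://idp.beta.example",
}

def parse_saml_logins(log_text):
    """Return the SAML login records from newline-delimited JSON; other lines are skipped."""
    logins = []
    for line in log_text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # unparseable line: ignore rather than abort the whole batch
        if rec.get("event") == "saml.login":
            logins.append(rec)
    return logins

def analyze(log_text, trusted_issuers=TRUSTED_ISSUERS):
    """Apply both checks and return a list of findings, each a dict with a 'rule' key."""
    findings = []
    issuers_by_email = defaultdict(set)
    for rec in parse_saml_logins(log_text):
        # Check 1: the asserting IdP must be the one configured for that organization.
        if rec["issuer"] != trusted_issuers.get(rec["org"]):
            findings.append({
                "rule": "issuer_mismatch",
                "ts": rec["ts"], "org": rec["org"],
                "email": rec["email"], "issuer": rec["issuer"],
            })
        issuers_by_email[rec["email"]].add(rec["issuer"])
    # Check 2: one e-mail address authenticated through several IdPs on the same instance.
    for email, issuers in sorted(issuers_by_email.items()):
        if len(issuers) > 1:
            findings.append({
                "rule": "multiple_issuers",
                "email": email, "issuers": sorted(issuers),
            })
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOGS):
        print(json.dumps(finding))
```

On the sample batch the first rule flags the carol@acme.example login from an issuer that no organization trusts, and the second flags alice@acme.example for having been asserted by both the acme and the beta IdP; each finding is a record you can forward to a SIEM or page on. Both checks need the trusted-issuer inventory to be kept in sync with the organizations' actual SAML settings, which is also the review the mitigation text above calls for.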
CVE-2026-27197 is a critical vulnerability in Sentry's SAML SSO implementation allowing attackers to take over user accounts via a malicious Identity Provider if multiple organizations are configured. It impacts versions 21.12.0 through 26.1.9.
You are affected if you use Sentry versions 21.12.0 through 26.1.9 and have multiple organizations configured with SAML SSO enabled.
Upgrade Sentry to version 26.2.0 or later to resolve this vulnerability. If immediate upgrade is not possible, consider temporarily disabling SAML SSO.
While no public exploit is currently known, the vulnerability's ease of exploitation suggests a potential for active exploitation.
Refer to the official Sentry security advisory for detailed information and updates: [https://www.sentry.io/security/advisories/CVE-2026-27197/](https://www.sentry.io/security/advisories/CVE-2026-27197/)