Platform
python
Component
sentry
Fixed in
21.12.1
CVE-2026-27197 is a critical vulnerability in Sentry's SAML Single Sign-On (SSO) implementation. It allows an attacker who controls a malicious SAML Identity Provider (IdP) to take over user accounts on a Sentry instance that has multiple organizations configured. Affected versions are 21.12.0 up to, but not including, 26.2.0; the fix ships in version 26.2.0.
The impact is severe. An attacker who registers a controlled or compromised IdP can craft a SAML response that the instance accepts and thereby gain access to another user's account. The attacker needs to know the victim's email address. Successful exploitation exposes whatever the victim can see in Sentry, including project data, source code and other confidential information, and a taken-over account can serve as a foothold for lateral movement into systems integrated with Sentry, which considerably widens the blast radius.
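To make the vulnerability class concrete, the following added example (not Sentry's code, and not a reproduction of the exact flawed logic in Sentry) contrasts two ways a multi-tenant service can bind a SAML assertion to a local account. In the weak pattern the per-organization checks pass, but the asserted email alone selects an existing user, so an attacker who controls the IdP of their own organization can assert the victim's email. In the hardened pattern the identity is bound to (organization, IdP issuer, NameID) and an unlinked identity never attaches to an existing account. The organization names, hostnames, user table and identity table are constructed for the example, and signature validation is assumed to have already passed, since the attacker's IdP is legitimately registered for the attacker's own organization.

```python
"""Added example: email-based SAML account linking across organizations vs. scoped binding.

Not Sentry's code. Tenant configuration, users and identity links below are constructed;
XML signature validation is assumed to have passed before these functions run.
"""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed tenant configuration: two organizations on one instance, each with its own IdP.
ORGS = {
    "acme": {"idp_issuer": "https://idp.acme.example/saml",
             "sp_entity_id": "https://sentry.example/saml/metadata/acme/"},
    "evil": {"idp_issuer": "https://idp.attacker.example/saml",
             "sp_entity_id": "https://sentry.example/saml/metadata/evil/"},
}
# Constructed instance-wide users and SSO identity links keyed by (org, issuer, NameID).
USERS = {1: "alice@acme.example"}
IDENTITIES = {("acme", "https://idp.acme.example/saml", "alice@acme.example"): 1}


def build_response(issuer, audience, name_id):
    """Construct a minimal SAML Response for the example (no signature)."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" ID="_r1" Version="2.0">
  <saml:Issuer>{issuer}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>{issuer}</saml:Issuer>
    <saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def parse_response(xml_text):
    """Extract status, assertion issuer, audience and subject NameID from a SAML Response."""
    root = ET.fromstring(xml_text)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        raise ValueError("SAML response does not report success")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("SAML response carries no assertion")
    return {
        "issuer": assertion.findtext("saml:Issuer", namespaces=NS),
        "audience": assertion.findtext("saml:Conditions/saml:AudienceRestriction/saml:Audience", namespaces=NS),
        "name_id": assertion.findtext("saml:Subject/saml:NameID", namespaces=NS),
    }


def check_for_org(org_slug, info):
    """Per-organization checks: the assertion must come from this org's IdP and be addressed to this org."""
    org = ORGS.get(org_slug)
    return org is not None and info["issuer"] == org["idp_issuer"] and info["audience"] == org["sp_entity_id"]


def login_by_email(org_slug, xml_text):
    """Weak pattern: the per-org checks pass, but the asserted email alone selects an existing user.
    Whoever controls the IdP of any organization on the instance can assert any email."""
    info = parse_response(xml_text)
    if not check_for_org(org_slug, info):
        return None
    for user_id, email in USERS.items():
        if email.lower() == info["name_id"].lower():
            return user_id
    return None


def login_scoped(org_slug, xml_text):
    """Hardened pattern: the identity is bound to (org, issuer, NameID). An unlinked identity never
    attaches to an existing account by email; it must go through an explicit linking step that
    proves control of that account (represented here by returning None)."""
    info = parse_response(xml_text)
    if not check_for_org(org_slug, info):
        return None
    return IDENTITIES.get((org_slug, info["issuer"], info["name_id"]))


# Attacker logs in to their own organization with their own IdP, asserting the victim's email.
ATTACK = build_response("https://idp.attacker.example/saml",
                        "https://sentry.example/saml/metadata/evil/", "alice@acme.example")
# Legitimate login by the victim through acme's IdP.
LEGIT = build_response("https://idp.acme.example/saml",
                       "https://sentry.example/saml/metadata/acme/", "alice@acme.example")

if __name__ == "__main__":
    print("weak, attacker response   ->", login_by_email("evil", ATTACK))  # 1: takeover
    print("scoped, attacker response ->", login_scoped("evil", ATTACK))    # None
    print("scoped, legit response    ->", login_scoped("acme", LEGIT))     # 1
    print("scoped, legit replayed    ->", login_scoped("evil", LEGIT))     # None
```

The two login functions share the same issuer and audience checks; the only difference is how the asserted subject is mapped to a local account, which is exactly where an email-only lookup turns a tenant-scoped trust relationship into an instance-wide one.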
CVE-2026-27197 was discovered and reported through Sentry's private bug bounty program. Public details were disclosed on 2026-02-21. The vulnerability's severity is considered high due to the potential for account takeover. While no public proof-of-concept (PoC) has been released as of this writing, the ease of exploitation with a controlled SAML Identity Provider suggests a medium probability of exploitation. It is not currently listed on CISA KEV.
Organizations using Sentry for error tracking and performance monitoring are at risk, particularly those that host multiple organizations on one instance and rely on SAML SSO for authentication. Self-hosted deployments deserve the most attention, since they are only patched when an administrator upgrades them manually. Shared hosting environments that run Sentry with multiple organizations should also be assessed carefully.
• python / server:
# Check the running Sentry version against the affected range (21.12.0 <= version < 26.2.0).
import re
import subprocess
result = subprocess.run(['sentry', '--version'], capture_output=True, text=True, check=True)
match = re.search(r'(\d+)\.(\d+)\.(\d+)', result.stdout)  # first X.Y.Z in the output
version = tuple(int(part) for part in match.groups())
if (21, 12, 0) <= version < (26, 2, 0):
    print('Sentry version is affected by CVE-2026-27197; upgrade to 26.2.0 or later')
else:
    print('Sentry version is outside the affected range')
• generic web:
# Check for SAML configuration files (example path, adjust as needed). Sentry configures
# SAML per organization in its auth settings (stored in the database), so also review
# every organization's auth provider rather than only files on disk.
find /etc/sentry/ -name 'saml.conf' -print
EPSS
0.05% (17th percentile)
The primary mitigation for CVE-2026-27197 is to upgrade Sentry to version 26.2.0 or later, which contains the fix. If an immediate upgrade is not feasible, temporarily disable SAML SSO where it is not essential. On instances that host multiple organizations (SENTRY_SINGLE_ORGANIZATION = False), review each organization's SAML Identity Provider configuration for providers you do not recognize, and monitor Sentry's logs for unusual SAML authentication attempts, in particular logins through one organization's provider that land on users from another organization. A direct WAF rule is hard to write for this flaw, but alerting on unusual SAML request patterns can provide early warning. After upgrading, confirm the fix by performing a SAML login with a test user and verifying that authentication still works as expected.
Update Sentry to version 26.2.0 or later. Alternatively, enforce two-factor authentication on the user account so that an attacker cannot complete authentication as the victim.
CVE-2026-27197 is a critical vulnerability in Sentry's SAML SSO implementation allowing attackers to take over user accounts via a malicious Identity Provider if multiple organizations are configured. It impacts versions 21.12.0 through 26.1.9.
You are affected if you use Sentry versions 21.12.0 through 26.1.9 and have multiple organizations configured with SAML SSO enabled.
Upgrade Sentry to version 26.2.0 or later to resolve this vulnerability. If immediate upgrade is not possible, consider temporarily disabling SAML SSO.
While no public exploit is currently known, the vulnerability's ease of exploitation suggests a potential for active exploitation.
Refer to the official Sentry security advisory for detailed information and updates: [https://www.sentry.io/security/advisories/CVE-2026-27197/](https://www.sentry.io/security/advisories/CVE-2026-27197/)