CVE-2026-27197 is a critical vulnerability affecting Sentry's SAML Single Sign-On (SSO) implementation. This flaw allows an attacker to potentially take over user accounts by leveraging a malicious SAML Identity Provider and exploiting the configuration of multiple organizations within a Sentry instance. The vulnerability impacts Sentry versions 21.12.0 up to, but not including, 26.2.0, and a fix is available in version 26.2.0.
The impact of CVE-2026-27197 is severe. An attacker can exploit this vulnerability to gain unauthorized access to user accounts within a Sentry instance. This is achieved by crafting a malicious SAML response from a compromised or controlled Identity Provider. The attacker must know the victim's email address to successfully exploit the vulnerability. Successful exploitation could lead to unauthorized access to sensitive project data, source code, and other confidential information stored within Sentry. The ability to take over user accounts significantly expands the potential blast radius of this vulnerability, allowing attackers to move laterally within an organization and potentially compromise other systems connected to Sentry.
CVE-2026-27197 was discovered and reported through Sentry's private bug bounty program. Public details were disclosed on 2026-02-21. The vulnerability's severity is considered high due to the potential for account takeover. While no public proof-of-concept (PoC) has been released as of this writing, the ease of exploitation with a controlled SAML Identity Provider suggests a medium probability of exploitation. It is not currently listed on CISA KEV.
Organizations using Sentry for error tracking and performance monitoring, particularly those with multiple organizations configured and relying on SAML SSO for authentication, are at risk. Self-hosted Sentry deployments are especially vulnerable as they require manual upgrades. Shared hosting environments utilizing Sentry with multiple organizations should also be carefully assessed.
• python / server:

```python
# Check the installed Sentry version (assumes the `sentry` CLI is on PATH)
import re
import subprocess

result = subprocess.run(['sentry', '--version'], capture_output=True, text=True)
match = re.search(r'(\d+)\.(\d+)\.(\d+)', result.stdout)
version = tuple(int(part) for part in match.groups()) if match else None
# Affected range: 21.12.0 <= version < 26.2.0 (a plain startswith('26.2.0')
# check would wrongly flag 26.2.1 and later as vulnerable)
if version is None or (21, 12, 0) <= version < (26, 2, 0):
    print('Sentry version is vulnerable (or could not be determined)!')
```

• generic web:

```shell
# Check for SAML configuration files (example path, adjust as needed)
find /etc/sentry/ -name 'saml.conf' -print
```
Exploitation status
EPSS: 0.05% (17th percentile)
The primary mitigation for CVE-2026-27197 is to upgrade Sentry to version 26.2.0 or later, which contains the fix for this vulnerability. If upgrading immediately is not feasible, consider temporarily disabling SAML SSO if it is not essential. If multiple organizations are configured (`SENTRY_SINGLE_ORGANIZATION = False`), carefully review each organization's SAML Identity Provider configuration for any suspicious entries or changes. Monitor Sentry logs for unusual SAML authentication attempts, in particular logins for a user asserted by an Identity Provider belonging to an organization that user is not a member of. A direct WAF rule is difficult to write for this issue, but monitoring for unusual SAML request patterns can provide early warning. After upgrading, confirm the fix by attempting a SAML login with a test user and verifying that the authentication process functions as expected.
Update Sentry to version 26.2.0 or later. Alternatively, enforce two-factor authentication on user accounts so that an attacker cannot complete authentication with the victim's account.
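As an added example (not code from this page or from Sentry), the following script shows how the log review recommended above could be automated on a multi-organization instance: each SAML login is cross-checked against the organization the asserting Identity Provider is registered for and the organizations the user actually belongs to. The JSON record format, field names, IdP registrations and membership data are constructed assumptions for the example, not Sentry's own log schema.

```python
# Added example: flag SAML logins where the asserting Identity Provider is
# registered to an organization the user is not a member of (or is not a
# registered IdP at all). All data and field names below are constructed.
import json

# Constructed membership data: organizations each user belongs to.
MEMBERSHIPS = {
    "alice@example.com": {"org-a"},
    "bob@example.com": {"org-b"},
    "carol@example.com": {"org-a", "org-b"},
}

# Constructed IdP registrations: which organization each IdP entity ID serves.
IDP_ORG = {
    "https://idp.org-a.example/metadata": "org-a",
    "https://idp.org-b.example/metadata": "org-b",
    "https://idp.org-c.example/metadata": "org-c",
}

# Constructed authentication log, one JSON event per line.
SAMPLE_LOG = """
{"event":"saml_login","email":"alice@example.com","idp":"https://idp.org-a.example/metadata","org":"org-a"}
{"event":"saml_login","email":"bob@example.com","idp":"https://idp.org-b.example/metadata","org":"org-b"}
{"event":"saml_login","email":"alice@example.com","idp":"https://idp.org-c.example/metadata","org":"org-c"}
{"event":"saml_login","email":"carol@example.com","idp":"https://idp.org-b.example/metadata","org":"org-b"}
{"event":"saml_login","email":"bob@example.com","idp":"https://idp.unknown.example/metadata","org":"org-b"}
{"event":"password_login","email":"bob@example.com"}
"""


def find_cross_org_saml_logins(log_text, memberships=MEMBERSHIPS, idp_org=IDP_ORG):
    """Return (email, idp, idp_org) tuples for SAML logins asserted by an IdP
    that serves an organization the user is not a member of, or by an IdP
    that is not registered for any organization."""
    findings = []
    for line in log_text.strip().splitlines():
        event = json.loads(line)
        if event.get("event") != "saml_login":
            continue  # only SAML assertions are relevant here
        asserting_org = idp_org.get(event["idp"])
        user_orgs = memberships.get(event["email"], set())
        if asserting_org is None or asserting_org not in user_orgs:
            findings.append((event["email"], event["idp"], asserting_org))
    return findings


if __name__ == "__main__":
    for email, idp, org in find_cross_org_saml_logins(SAMPLE_LOG):
        print(f"suspicious SAML login: {email} asserted by {idp} (org {org})")
```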
CVE-2026-27197 is a critical vulnerability in Sentry's SAML SSO implementation allowing attackers to take over user accounts via a malicious Identity Provider if multiple organizations are configured. It impacts versions 21.12.0 through 26.1.9.
You are affected if you use Sentry versions 21.12.0 through 26.1.9 and have multiple organizations configured with SAML SSO enabled.
Upgrade Sentry to version 26.2.0 or later to resolve this vulnerability. If immediate upgrade is not possible, consider temporarily disabling SAML SSO.
While no public exploit is currently known, the vulnerability's ease of exploitation suggests a potential for active exploitation.
Refer to the official Sentry security advisory for detailed information and updates: [https://www.sentry.io/security/advisories/CVE-2026-27197/](https://www.sentry.io/security/advisories/CVE-2026-27197/)