Insecure Direct Object Reference Vulnerability in Sentry by Sentry.io
CVE-2026-26004

5.7MEDIUM

Key Information:

Vendor

Getsentry

Status
Sentry
Vendor
CVE Published:
17 March 2026

What is CVE-2026-26004?

Sentry is a prominent error tracking and performance monitoring tool used by developers. An Insecure Direct Object Reference (IDOR) vulnerability exists in the GroupEventJsonView endpoint, present in versions before 26.1.0. This flaw allows unauthorized access to sensitive data across different organizations. The vulnerability has been addressed in version 26.1.0, which patches the issue, enhancing the overall security of the application.

Affected Version(s)

sentry < 26.1.0

References

https://securitylab.github.com/advisories/GHSL-2025-130_S...
x_refsource_CONFIRM
https://github.com/getsentry/sentry/pull/105601
x_refsource_MISC
https://github.com/getsentry/sentry/commit/45bc78fd57514a...
x_refsource_MISC

CVSS V4

Score:
5.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.