SAML SSO Vulnerability in Sentry Error Tracking and Performance Monitoring Tool
CVE-2026-42354

9.1 CRITICAL

Key Information:

Vendor: Getsentry

Status
Vendor
CVE Published: 8 May 2026

What is CVE-2026-42354?

A flaw was identified in the SAML Single Sign-On (SSO) implementation of Sentry, affecting versions from 21.12.0 up to, but not including, 26.4.1. An attacker who is part of the same Sentry instance can use a malicious SAML Identity Provider to take over any user account on that instance. Successful exploitation requires the attacker to know the victim's email address. Users are advised to upgrade to version 26.4.1 or later, where the issue is fixed.

Affected Version(s)

sentry >= 21.12.0, < 26.4.1

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
