FKIE_CVE-2026-27197

Vulnerability from fkie_nvd - Published: 2026-02-21 05:17 - Updated: 2026-02-23 20:45
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. Self-hosted users are only at risk if the following criteria is met: ore than one organizations are configured (SENTRY_SINGLE_ORGANIZATION = True), or malicious user has existing access and permissions to modify SSO settings for another organization in a multo-organization instance. This issue has been fixed in version 26.2.0. To workaround this issue, implement user account-based two-factor authentication to prevent an attacker from being able to complete authentication with a victim's user account. Organization administrators cannot do this on a user's behalf, this requires individual users to ensure 2FA has been enabled for their account.
References
security-advisories@github.comhttps://github.com/getsentry/sentry/security/advisories/GHSA-ggmg-cqg6-j45gMitigation, Vendor Advisory
Impacted products
Vendor Product Version
sentry sentry *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sentry:sentry:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "53B1BCE6-47BF-4AF1-AD95-22981FDC92A0",
              "versionEndExcluding": "26.2.0",
              "versionStartIncluding": "21.12.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation  which allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. Self-hosted users are only at risk if the following criteria is met: ore than one organizations are configured (SENTRY_SINGLE_ORGANIZATION = True), or malicious user has existing access and permissions to modify SSO settings for another organization in a multo-organization instance. This issue has been fixed in version 26.2.0. To workaround this issue, implement user account-based two-factor authentication to prevent an attacker from being able to complete authentication with a victim\u0027s user account. Organization administrators cannot do this on a user\u0027s behalf, this requires individual users to ensure 2FA has been enabled for their account."
    },
    {
      "lang": "es",
      "value": "Sentry es una herramienta de seguimiento de errores y monitoreo de rendimiento dise\u00f1ada para desarrolladores. Las versiones 21.12.0 a la 26.1.0 tienen una vulnerabilidad cr\u00edtica en su implementaci\u00f3n de SAML SSO que permite a un atacante tomar el control de cualquier cuenta de usuario mediante el uso de un proveedor de identidad SAML malicioso y otra organizaci\u00f3n en la misma instancia de Sentry. Los usuarios autoalojados solo est\u00e1n en riesgo si se cumplen los siguientes criterios: m\u00e1s de una organizaci\u00f3n est\u00e1 configurada (SENTRY_SINGLE_ORGANIZATION = True), o un usuario malicioso tiene acceso y permisos existentes para modificar la configuraci\u00f3n de SSO para otra organizaci\u00f3n en una instancia multi-organizaci\u00f3n. Este problema ha sido solucionado en la versi\u00f3n 26.2.0. Como soluci\u00f3n alternativa a este problema, implemente la autenticaci\u00f3n de dos factores basada en la cuenta de usuario para evitar que un atacante pueda completar la autenticaci\u00f3n con la cuenta de usuario de una v\u00edctima. Los administradores de la organizaci\u00f3n no pueden hacer esto en nombre de un usuario; esto requiere que los usuarios individuales se aseguren de que la 2FA ha sido habilitada para su cuenta."
    }
  ],
  "id": "CVE-2026-27197",
  "lastModified": "2026-02-23T20:45:01.957",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-02-21T05:17:29.510",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://github.com/getsentry/sentry/security/advisories/GHSA-ggmg-cqg6-j45g"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.