PT-2026-21350 · Sentry · Sentry

Muhammad-Qasim-Munir · Published 2026-02-21 · Updated 2026-04-17 · CVE-2026-27197

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Sentry versions 21.12.0 through 26.1.0

Description

Sentry, a developer-first error tracking and performance monitoring tool, has a critical issue in its SAML SSO implementation. The issue allows an attacker to take over any user account by using a malicious SAML Identity Provider, particularly in a multi-organization Sentry instance. Self-hosted users are at risk if more than one organization is configured or if a malicious user has existing access and permissions to modify SSO settings for another organization. The attacker can log in as any user without a password. The vulnerability impacts account security through user identity linking.

Recommendations

Update to Sentry version 26.2.0 to resolve this issue. Implement user account-based two-factor authentication to prevent an attacker from completing authentication with a victim's user account.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2026-27197
GHSA-GGMG-CQG6-J45G

Affected Products

Sentry