PT-2026-25961 · Sentry · Sentry
GitHub Security Lab · Published 2026-03-17 · Updated 2026-03-19 · CVE-2026-26004
CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Sentry versions prior to 26.1.0
Description
Sentry is a developer-first error tracking and performance monitoring tool. Versions prior to 26.1.0 have a cross-organization Insecure Direct Object Reference (IDOR) issue in the GroupEventJsonView endpoint. An Insecure Direct Object Reference occurs when an application uses user-supplied input to directly access objects, potentially allowing unauthorized access to data.
Recommendations
Update to version 26.1.0 or later.
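For teams reviewing their own multi-tenant endpoints for the same class of flaw, the following added example (a simplified model, not Sentry's code and not taken from the fix) contrasts an object lookup keyed only on request IDs with one scoped to the caller's organization, plus a regression check. All names and sample records are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Group:
    group_id: int
    organization_id: int

@dataclass(frozen=True)
class Event:
    event_id: str
    group_id: int
    payload: str

# Constructed sample data: two organizations, one issue group and one event each.
GROUPS = {1: Group(1, organization_id=10), 2: Group(2, organization_id=20)}
EVENTS = {
    "aaa": Event("aaa", 1, "org 10 stack trace"),
    "bbb": Event("bbb", 2, "org 20 stack trace"),
}

class NotFound(Exception):
    """Raised for missing and foreign objects alike, so responses do not reveal which IDs exist."""

def event_json_unscoped(caller_org_id, group_id, event_id):
    # Vulnerable pattern: the caller is authenticated, but objects are fetched
    # purely by the IDs in the request; caller_org_id is never consulted.
    event = EVENTS.get(event_id)
    if event is None or event.group_id != group_id:
        raise NotFound()
    return event.payload

def event_json_scoped(caller_org_id, group_id, event_id):
    # Hardened pattern: resolve the group inside the caller's organization
    # first, then resolve the event inside that group.
    group = GROUPS.get(group_id)
    if group is None or group.organization_id != caller_org_id:
        raise NotFound()
    event = EVENTS.get(event_id)
    if event is None or event.group_id != group.group_id:
        raise NotFound()
    return event.payload

def cross_org_read_possible(handler):
    """Regression check: can a member of org 10 read org 20's event via `handler`?"""
    try:
        handler(10, 2, "bbb")
        return True
    except NotFound:
        return False
```

A check shaped like `cross_org_read_possible` belongs in the test suite of every endpoint that accepts object IDs, run with credentials from a second tenant.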
Exploit
Fix
IDOR
Weakness Enumeration
Related Identifiers
Affected Products
Sentry