{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27197", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-18T19:47:02.154Z", "datePublished": "2026-02-21T04:35:14.635Z", "dateUpdated": "2026-02-24T19:00:07.663Z"}, "containers": {"cna": {"title": "Sentry: Improper Authentication on SAML SSO process allows user identity linking", "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "lang": "en", "description": "CWE-287: Improper Authentication", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/getsentry/sentry/security/advisories/GHSA-ggmg-cqg6-j45g", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/getsentry/sentry/security/advisories/GHSA-ggmg-cqg6-j45g"}], "affected": [{"vendor": "getsentry", "product": "sentry", "versions": [{"version": ">= 21.12.0, < 26.2.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-21T04:35:14.635Z"}, "descriptions": [{"lang": "en", "value": "Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. Self-hosted users are only at risk if the following criteria is met: ore than one organizations are configured (SENTRY_SINGLE_ORGANIZATION = True), or malicious user has existing access and permissions to modify SSO settings for another organization in a multo-organization instance. This issue has been fixed in version 26.2.0. To workaround this issue, implement user account-based two-factor authentication to prevent an attacker from being able to complete authentication with a victim's user account. Organization administrators cannot do this on a user's behalf, this requires individual users to ensure 2FA has been enabled for their account."}], "source": {"advisory": "GHSA-ggmg-cqg6-j45g", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-24T18:59:48.802566Z", "id": "CVE-2026-27197", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T19:00:07.663Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27197", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-24T18:59:48.802566Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T18:59:56.472Z"}}], "cna": {"title": "Sentry: Improper Authentication on SAML SSO process allows user identity linking", "source": {"advisory": "GHSA-ggmg-cqg6-j45g", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "getsentry", "product": "sentry", "versions": [{"status": "affected", "version": ">= 21.12.0, < 26.2.0"}]}], "references": [{"url": "https://github.com/getsentry/sentry/security/advisories/GHSA-ggmg-cqg6-j45g", "name": "https://github.com/getsentry/sentry/security/advisories/GHSA-ggmg-cqg6-j45g", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. Self-hosted users are only at risk if the following criteria is met: ore than one organizations are configured (SENTRY_SINGLE_ORGANIZATION = True), or malicious user has existing access and permissions to modify SSO settings for another organization in a multo-organization instance. This issue has been fixed in version 26.2.0. To workaround this issue, implement user account-based two-factor authentication to prevent an attacker from being able to complete authentication with a victim's user account. Organization administrators cannot do this on a user's behalf, this requires individual users to ensure 2FA has been enabled for their account."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287: Improper Authentication"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-21T04:35:14.635Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27197", "state": "PUBLISHED", "dateUpdated": "2026-02-24T19:00:07.663Z", "dateReserved": "2026-02-18T19:47:02.154Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-21T04:35:14.635Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sentry:sentry:*:*:*:*:*:*:*:*", "matchCriteriaId": "53B1BCE6-47BF-4AF1-AD95-22981FDC92A0", "versionEndExcluding": "26.2.0", "versionStartIncluding": "21.12.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. Self-hosted users are only at risk if the following criteria is met: ore than one organizations are configured (SENTRY_SINGLE_ORGANIZATION = True), or malicious user has existing access and permissions to modify SSO settings for another organization in a multo-organization instance. This issue has been fixed in version 26.2.0. To workaround this issue, implement user account-based two-factor authentication to prevent an attacker from being able to complete authentication with a victim's user account. Organization administrators cannot do this on a user's behalf, this requires individual users to ensure 2FA has been enabled for their account."}], "id": "CVE-2026-27197", "lastModified": "2026-02-23T20:45:01.957", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-21T05:17:29.510", "references": [{"source": "security-advisories@github.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://github.com/getsentry/sentry/security/advisories/GHSA-ggmg-cqg6-j45g"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[21.12.0,26.2.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "sentry", "source": "cna", "vendor": "getsentry"}, "product": "sentry", "vendor": "getsentry"}], "analysis": {"en": {"generated_at": "2026-04-18T11:20:50.921910+00:00", "value": {"mitigation_remediation": ["Upgrade to Sentry 26.2.0 or later to apply the vendor\u2011fixed patch.", "Enable two\u2011factor authentication for all user accounts; this prevents an attacker from completing authentication even if a malicious SAML IdP is used.", "Restrict SAML Identity Provider configurations to trusted providers only and audit SSO settings to ensure only authorized administrators can modify them."], "summary": {"action": "Patch Immediately", "impact": "User Account Takeover via SAML Manipulation"}, "threat_synthesis": {"affected_systems": "Only self\u2011hosted Sentry deployments are impacted, and the vulnerability is actionable when either more than one organization is configured or when an attacker has privileges to change SSO settings for another organization in a multi\u2011organization instance. All affected deployments running any of the versions from 21.12.0 to 26.1.0 are at risk under those conditions.", "description_and_impact": "Sentry versions 21.12.0 through 26.1.0 contain a flaw in the SAML Single Sign-On process that allows an attacker to link a malicious SAML Identity Provider to a different organization on the same Sentry instance. By doing so, the attacker can authenticate as any user within that organization without knowing the user\u2019s credentials. This results in full compromise of the user account, granting the attacker the same permissions as the legitimate user, including data access, modification, and potential administrative actions.", "risk_and_exploitability": "The CVSS score of 9.1 indicates a critical level of severity, yet the EPSS score of less than 1% suggests a currently low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation is possible remotely; an attacker only needs to craft a forged SAML assertion and initiate the SSO flow against the vulnerable Sentry instance. If successful, the attacker gains full account takeover, potentially leading to uncontrolled access to the organization\u2019s data and resources."}}}}, "created": "2026-02-23T14:32:45.851649+00:00", "updated": "2026-04-18T11:30:44.311945+00:00", "vendors": ["getsentry", "getsentry$PRODUCT$sentry"]}