Sentry, the widely used application monitoring and error-tracking platform, has disclosed a critical vulnerability in its SAML SSO implementation. Tracked as CVE-2026-42354, this flaw carries a severe CVSS score of 9.1 and could allow an attacker to bypass authentication and take over user accounts under specific configurations.
The root cause is improper authentication during the SAML Single Sign-On flow, which permits unauthorized “identity linking”. Specifically, an attacker who controls a malicious SAML Identity Provider (IdP) configured for a separate organization on the same Sentry instance can use it to link that identity to a target user’s account and seize control of it.
Exploitation Requirements:
- Email Knowledge: The attacker must know the victim’s email address.
- SSO Permissions: The malicious actor must have existing permissions to modify SSO settings for at least one organization on the instance.
- Instance Type: This vulnerability primarily threatens multi-organization environments.
For self-hosted users, the risk is only present if the instance is configured to support more than one organization (SENTRY_SINGLE_ORGANIZATION = False).
Sentry has already taken steps to secure its users:
- Sentry SaaS: A fix was automatically deployed in April 2026, and cloud users require no further action.
- Self-Hosted Sentry:
- If your instance is restricted to a single organization (SENTRY_SINGLE_ORGANIZATION = True), you are not affected.
- For all other self-hosted environments, administrators are strongly urged to upgrade to version 26.4.1 or higher immediately.
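For self-hosted administrators, the two conditions above (the running version and the SENTRY_SINGLE_ORGANIZATION setting) can be combined into a single yes/no check. The script below is an added example, not a tool shipped by Sentry: it assumes the setting is written as a plain True/False literal in sentry.conf.py, treats an absent or computed value (for example one read from an environment variable) conservatively as affected, and compares the version against 26.4.1 as a CalVer tuple.

```python
"""
Added example: decide whether a self-hosted Sentry instance is affected by
the SAML identity-linking flaw described above. Not Sentry's own code; the
parsing rules and the conservative default are assumptions.
"""
import re

FIXED_VERSION = (26, 4, 1)   # first self-hosted release the advisory names as fixed


def parse_version(version: str) -> tuple:
    """Turn a self-hosted tag such as '26.3.0' or 'v26.4.1' into a comparable tuple."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised Sentry version string: {version!r}")
    return tuple(int(part) for part in m.groups())


def single_org_setting(conf_text: str):
    """Return True/False for SENTRY_SINGLE_ORGANIZATION as written in sentry.conf.py,
    or None when it is absent, commented out, or not a plain literal.
    The last uncommented assignment wins, as it would when Python executes the file."""
    value = None
    for line in conf_text.splitlines():
        code = line.split("#", 1)[0].strip()          # drop trailing comments
        m = re.match(r"SENTRY_SINGLE_ORGANIZATION\s*=\s*(True|False)\b", code)
        if m:
            value = m.group(1) == "True"
    return value


def is_affected(version: str, conf_text: str) -> bool:
    """Affected only if the version predates the fix AND the instance is not
    restricted to a single organization. Assumption: an unknown setting is
    treated as multi-org, so the check errs on the side of 'affected'."""
    if parse_version(version) >= FIXED_VERSION:
        return False
    return single_org_setting(conf_text) is not True


if __name__ == "__main__":
    # Constructed sample config text, not taken from any real deployment.
    sample_conf = "SENTRY_SINGLE_ORGANIZATION = False  # allow many orgs\n"
    for ver in ("26.3.0", "26.4.1"):
        print(ver, "affected" if is_affected(ver, sample_conf) else "not affected")
```

If the setting is assigned from an environment variable or another expression, the parser reports it as unknown; in that case confirm the effective value in the running instance rather than trusting the file.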
Two-factor authentication on the user account prevents an attacker from completing authentication as that user. Organization administrators cannot enable it on a user’s behalf, so each user must ensure 2FA is enabled on their own account.
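To make the mechanism concrete, both the identity-linking flaw described earlier and the reason per-user 2FA blocks the takeover can be shown in a small model. This is an added illustration, not Sentry’s code and not its actual patch: the data model, the function names and the exact shape of the hardened check (membership in the IdP’s organization plus an authenticated session of the account owner) are assumptions chosen to match the behaviour the advisory describes.

```python
"""
Added example: simplified model of SAML identity linking across organizations
on one instance. Not Sentry's code; names and the hardened check are assumed.
"""
from dataclasses import dataclass, field


@dataclass
class User:
    email: str
    orgs: set = field(default_factory=set)   # slugs of orgs this user belongs to
    two_factor_enabled: bool = False


@dataclass
class Assertion:
    """What the service provider knows after validating a SAML response."""
    issuing_org: str   # org whose configured IdP signed the response
    email: str         # identity the IdP asserted (NameID / email attribute)


class IdentityLinkError(Exception):
    pass


# Constructed sample data: victims in "victim-org" and an attacker who can
# configure SSO for "attacker-org" on the same instance.
USERS = {
    "victim@example.com": User("victim@example.com", {"victim-org"}),
    "victim-2fa@example.com": User("victim-2fa@example.com", {"victim-org"}, True),
    "attacker@evil.example": User("attacker@evil.example", {"attacker-org"}),
}


def link_identity_unsafe(users, assertion, session_email=None):
    """Vulnerable pattern: trust the asserted email alone and attach the IdP
    identity to whichever existing account carries that email, regardless of
    which organization's IdP issued the assertion."""
    user = users.get(assertion.email)
    if user is None:
        raise IdentityLinkError("no account with that email")
    return user


def link_identity_safe(users, assertion, session_email=None):
    """Hardened pattern (assumed, not Sentry's actual fix): an IdP configured
    for org X may only authenticate accounts already belonging to org X, and
    attaching a new IdP identity to an existing account requires that the
    account's owner is currently logged in."""
    user = users.get(assertion.email)
    if user is None:
        raise IdentityLinkError("no account with that email")
    if assertion.issuing_org not in user.orgs:
        raise IdentityLinkError(f"{user.email} is not a member of {assertion.issuing_org}")
    if session_email != user.email:
        raise IdentityLinkError("identity linking requires the account owner to be logged in")
    return user


def complete_login(user, second_factor_ok=False):
    """Login finishes only if the account has no 2FA or the second factor was
    presented. Nothing in the SAML exchange supplies the second factor, which
    is why per-user 2FA stops the takeover even where linking succeeded."""
    return (not user.two_factor_enabled) or second_factor_ok


def attacker_attempt(link, target_email="victim@example.com"):
    """The attacker's malicious IdP (configured for attacker-org) asserts the
    target's email. Returns the email of the account the attacker ends up
    logged in as, or None if the attempt is stopped."""
    forged = Assertion(issuing_org="attacker-org", email=target_email)
    try:
        user = link(USERS, forged)          # attacker has no session as the victim
    except IdentityLinkError:
        return None
    return user.email if complete_login(user) else None
```

Run against the constructed data, the unsafe linker hands the attacker the victim’s session, the safe linker rejects the assertion because the victim is not a member of attacker-org, and the victim with 2FA enabled is protected by both linkers because the login never completes.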