Sentry's improper authentication on SAML SSO process allows user identity linking — CVE-2026-42354
GitHub · GitHub · CVE-2026-42354
ID
CVE-2026-42354
CVE-2026-42354
Date
Updated
Activity
Source
GitHub
GitHub
Vendor
GitHub
GitHub
Threat
critical
critical
CVSS
9.1
9.1
EPSS
0.0003
0.0003
Summary
### Impact A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via Sentry's private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. The victim email address must be known in order to exploit this vulnerability. Self-hosted users…
Product
pip: sentry
What to do
General, cautious steps (verify details in the official source):
- Prioritize patching or mitigation immediately (treat as actively risky).
- Identify affected product versions in your inventory and verify whether you are impacted.
- Apply vendor patches/updates or recommended mitigations as soon as available.
- Read the official advisory for exact affected versions and remediation steps.