{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-02T16:54:41.094","vulnerabilities":[{"cve":{"id":"CVE-2026-27197","sourceIdentifier":"security-advisories@github.com","published":"2026-02-21T05:17:29.510","lastModified":"2026-06-17T10:26:49.987","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation  which allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. Self-hosted users are only at risk if the following criteria is met: ore than one organizations are configured (SENTRY_SINGLE_ORGANIZATION = True), or malicious user has existing access and permissions to modify SSO settings for another organization in a multo-organization instance. This issue has been fixed in version 26.2.0. To workaround this issue, implement user account-based two-factor authentication to prevent an attacker from being able to complete authentication with a victim's user account. Organization administrators cannot do this on a user's behalf, this requires individual users to ensure 2FA has been enabled for their account."},{"lang":"es","value":"Sentry es una herramienta de seguimiento de errores y monitoreo de rendimiento diseñada para desarrolladores. Las versiones 21.12.0 a la 26.1.0 tienen una vulnerabilidad crítica en su implementación de SAML SSO que permite a un atacante tomar el control de cualquier cuenta de usuario mediante el uso de un proveedor de identidad SAML malicioso y otra organización en la misma instancia de Sentry. Los usuarios autoalojados solo están en riesgo si se cumplen los siguientes criterios: más de una organización está configurada (SENTRY_SINGLE_ORGANIZATION = True), o un usuario malicioso tiene acceso y permisos existentes para modificar la configuración de SSO para otra organización en una instancia multi-organización. Este problema ha sido solucionado en la versión 26.2.0. Como solución alternativa a este problema, implemente la autenticación de dos factores basada en la cuenta de usuario para evitar que un atacante pueda completar la autenticación con la cuenta de usuario de una víctima. Los administradores de la organización no pueden hacer esto en nombre de un usuario; esto requiere que los usuarios individuales se aseguren de que la 2FA ha sido habilitada para su cuenta."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getsentry","product":"sentry","versions":[{"version":">= 21.12.0, < 26.2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-24T18:59:48.802566Z","id":"CVE-2026-27197","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sentry:sentry:*:*:*:*:*:*:*:*","versionStartIncluding":"21.12.0","versionEndExcluding":"26.2.0","matchCriteriaId":"53B1BCE6-47BF-4AF1-AD95-22981FDC92A0"}]}]}],"references":[{"url":"https://github.com/getsentry/sentry/security/advisories/GHSA-ggmg-cqg6-j45g","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}}]}