Critical Sentry SAML SSO flaw enables account takeover
TL;DR — A critical SAML SSO flaw in self-hosted Sentry lets attackers take over accounts in multi-organization deployments by manipulating SSO configuration.
What happened
Sentry is a widely-used application monitoring and error tracking platform used by development teams to diagnose production issues. CVE-2026-27197 describes an Improper Authentication issue in Sentry's SAML SSO implementation that allows account takeover under certain conditions in multi-organization self-hosted deployments. A malicious user who can modify SSO settings for another organization can exploit this to compromise user accounts.
SAML implementation bugs continue to be a rich source of critical auth bypasses — similar issues have hit GitLab, Ruby-SAML, and Duo in recent cycles.
Who is impacted
- Self-hosted Sentry versions >= 21.12.0 and < 26.2.0.
- Risk depends on multi-organization deployment configuration and permissions.
- CVSS 3.1: 9.1 (Critical).
What to do now
- Follow vendor remediation guidance and apply the latest patched release available at the time of writing.
- If you cannot immediately upgrade, enable user account-based two-factor authentication (2FA) as a mitigation.
- Audit SSO configuration for unexpected changes in multi-org setups.
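Two small checks a defender can run against the advisory above, added here as an example (not Sentry's own code): a version test for the stated affected range, and a scan of audit records for SSO configuration changes made by someone who is not an owner of the target organization. The record shape, event names and owner mapping are constructed assumptions, not Sentry's audit log format.

```python
import re
from typing import Iterable

# Affected range stated in the advisory: >= 21.12.0 and < 26.2.0.
AFFECTED_MIN = (21, 12, 0)
FIXED_VERSION = (26, 2, 0)

# Constructed sample data (not real Sentry logs): who owns each organization,
# and an audit trail of SSO configuration changes in a hypothetical record shape.
SAMPLE_OWNERS = {"acme": {"alice"}, "globex": {"bob"}}
SAMPLE_AUDIT = [
    {"id": 1, "event": "sso.edit", "actor": "alice", "org": "acme"},
    {"id": 2, "event": "member.add", "actor": "alice", "org": "acme"},
    {"id": 3, "event": "sso.edit", "actor": "alice", "org": "globex"},
    {"id": 4, "event": "sso.disable", "actor": "mallory", "org": "acme"},
]


def parse_version(version: str) -> tuple:
    """Parse a Sentry release string such as '25.3.1' or 'v24.1' into a
    (major, minor, patch) tuple; trailing suffixes like '.dev0' are ignored."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(g or 0) for g in m.groups())


def is_affected(version: str) -> bool:
    """True when the version falls inside [21.12.0, 26.2.0)."""
    return AFFECTED_MIN <= parse_version(version) < FIXED_VERSION


def find_cross_org_sso_changes(records: Iterable[dict], owners: dict) -> list:
    """Return SSO configuration changes whose actor is not an owner of the
    organization being changed. In a multi-org deployment this is the pattern
    the advisory describes: someone modifying SSO settings for another org."""
    flagged = []
    for rec in records:
        if not rec.get("event", "").startswith("sso."):
            continue  # only SSO configuration events are of interest here
        if rec["actor"] not in owners.get(rec["org"], set()):
            flagged.append(rec)
    return flagged


if __name__ == "__main__":
    for v in ("21.11.0", "25.3.1", "26.2.0"):
        print(f"{v}: {'AFFECTED' if is_affected(v) else 'not affected'}")
    for rec in find_cross_org_sso_changes(SAMPLE_AUDIT, SAMPLE_OWNERS):
        print(f"review: {rec['actor']} changed SSO for org {rec['org']} ({rec['event']})")
```

Feed your own owner mapping and exported audit records into `find_cross_org_sso_changes` to get a review list; any hit is an SSO change worth confirming with the organization's owners.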
