Authentication Bypass by Spoofing in sentry - #VU126925

Published: April 23, 2026


Vulnerability identifier: #VU126925
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: N/A
CWE-ID: CWE-290
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Sentry
Affected software:
sentry

Detailed vulnerability description

The vulnerability allows a remote attacker to take over any user account on the affected Sentry instance.

The vulnerability exists due to an authentication bypass by spoofing (CWE-290) in the SAML SSO process. The instance accepts a SAML assertion for the victim's email address from an identity provider that belongs to a different organization on the same instance. A remote attacker who configures a malicious SAML identity provider for another organization on that instance can have the provider assert the victim's email address and thereby authenticate as the victim and take over the account.

To exploit the issue the attacker must know the victim's email address. For self-hosted deployments, exploitation additionally requires an instance that hosts more than one organization and the ability to modify the SSO settings of an organization other than the victim's.
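The following is an added illustrative model of the bug class described above, written for this page; it is not Sentry's code and does not reproduce Sentry's implementation. The class names, the in-memory stores, the sample organizations and the issuer-based stand-in for XML signature verification are all assumptions made for the example. It contrasts a weak login routine that selects the account from the asserted email alone with a hardened one that only honours an SSO link scoped to the receiving organization and its configured identity provider.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class SamlAssertion:
    issuer: str    # entityID of the IdP that signed the assertion (assumed field)
    email: str     # email attribute carried in the assertion (assumed field)
    org_slug: str  # organization whose SAML ACS endpoint received it (assumed field)


@dataclass
class Organization:
    slug: str
    idp_issuer: str                            # issuer the org's admin configured as trusted
    members: set = field(default_factory=set)  # user ids that belong to the org


# Constructed sample data for the example (not real accounts or providers).
USERS = {"victim@example.com": "user-1", "mallory@attacker.example": "user-2"}
ORGS = {
    "victim-org": Organization("victim-org", "https://idp.victim-org.example", {"user-1"}),
    # mallory administers this org and points its SSO at an IdP she controls
    "attacker-org": Organization("attacker-org", "https://idp.attacker.example", {"user-2"}),
}
# Existing SSO links keyed by (org, issuer, email). In this model a link is created
# only when an already-authenticated user explicitly links SSO for that organization.
IDENTITIES = {
    ("victim-org", "https://idp.victim-org.example", "victim@example.com"): "user-1",
}


def signature_valid(assertion: SamlAssertion, org: Organization) -> bool:
    """Stand-in for XML signature verification: the assertion is accepted only if it
    was signed by the IdP configured for the organization that received it. A real
    implementation verifies the signature against that IdP's certificate."""
    return assertion.issuer == org.idp_issuer


def login_vulnerable(assertion: SamlAssertion):
    """Weak pattern: once the IdP of *some* organization has signed the assertion,
    the asserted email alone selects the account. An IdP trusted by attacker-org can
    therefore assert victim@example.com and obtain the victim's session."""
    org = ORGS[assertion.org_slug]
    if not signature_valid(assertion, org):
        return None
    return USERS.get(assertion.email)


def login_hardened(assertion: SamlAssertion):
    """Hardened pattern: the account comes from an existing link scoped to this
    organization and this issuer, and the user must be a member of the organization.
    An email asserted by another organization's IdP never matches such a link."""
    org = ORGS[assertion.org_slug]
    if not signature_valid(assertion, org):
        return None
    user = IDENTITIES.get((org.slug, assertion.issuer, assertion.email))
    if user is None:
        # No link yet: do not create one from the assertion. The user must first
        # authenticate by another means and link SSO for this organization explicitly.
        return None
    if user not in org.members:
        return None
    return user


if __name__ == "__main__":
    # Assertion signed by the attacker-controlled IdP, delivered to attacker-org's
    # ACS endpoint, asserting the victim's known email address.
    forged = SamlAssertion("https://idp.attacker.example", "victim@example.com", "attacker-org")
    print("vulnerable:", login_vulnerable(forged))  # user-1: victim account taken over
    print("hardened:  ", login_hardened(forged))    # None: no link scoped to this org/issuer
```

The forged assertion passes signature verification in both routines because the attacker legitimately controls the identity provider configured for the attacker's own organization; the difference is only in how the asserted email is bound to an account, which is where the cross-organization spoofing described above lands.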


Remediation

Install the security update from the vendor's website.

Sources