CVE-2026-26004

UNKNOWN 0.0

Sentry allows unauthorized access to event data across organizational boundaries

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Sentry is a developer-first error tracking and performance monitoring tool. Versions prior to 26.1.0 have a cross-organization Insecure Direct Object Reference (IDOR) vulnerability in Sentry's GroupEventJsonView endpoint. Version 26.1.0 patches the issue.

CWE	CWE-639
Vendor	getsentry
Product	sentry
Published	Mar 17, 2026
Last Updated	Mar 18, 2026

Stay Ahead of the Next One

Get instant alerts for getsentry sentry

Be the first to know when new unknown vulnerabilities affecting getsentry sentry are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

getsentry / sentry

< 26.1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

securitylab.github.com: https://securitylab.github.com/advisories/GHSL-2025-130_Sentry/ github.com: https://github.com/getsentry/sentry/pull/105601 github.com: https://github.com/getsentry/sentry/commit/45bc78fd57514a04eb62e73dd1eeb3ca2d723997