CVE-2026-27197
Sentry · Sentry (SAML SSO)
A critical flaw in Sentry's SAML SSO implementation allows account takeover via malicious Identity Providers in multi-organization or specifically configured self-hosted instances.
Executive summary
A critical vulnerability in Sentry's SAML implementation enables attackers to take over any user account by exploiting weaknesses in multi-organization SSO configurations.
Vulnerability
The SAML SSO implementation fails to properly isolate organizations: an attacker who controls a SAML Identity Provider trusted by one organization can impersonate users belonging to another organization on the same instance. Exploitation requires an instance that hosts multiple organizations, or one where specific SSO modification permissions are enabled.
Business impact
A successful account takeover gives attackers access to sensitive error logs, source code snippets, and performance data. Given the CVSS score of 9.1, this represents a high-impact risk to corporate intellectual property and security monitoring integrity.
Remediation
Immediate Action: Update Sentry to version 26.2.0, which resolves the SAML isolation flaw.
Proactive Monitoring: Audit SAML configuration changes and review login logs for unexpected authentication events originating from unfamiliar Identity Providers.
Compensating Controls: As a workaround, mandate individual user-based two-factor authentication (2FA), which prevents attackers from completing the login process even if the SAML bypass is successful.
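The isolation failure described under Vulnerability and the log review recommended under Proactive Monitoring come down to one rule: a SAML assertion may only authenticate a user for the organization whose configured Identity Provider issued it, and the asserted user must already be a member of that organization. The Python below is an added illustration of that rule, not Sentry's code. The organization, user and login records, the field names (idp_entity_id, org_slugs), the sample issuer URLs and the login entries are all constructed for the example; the "unscoped" resolver shows the class of mistake the advisory describes, the "scoped" resolver shows the hardened check, and audit_logins applies the same check to login records after the fact.

```python
"""Organization-scoped SAML issuer checks plus a login-record audit (hypothetical model, not Sentry's)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Organization:
    slug: str
    idp_entity_id: str  # SAML Issuer this organization trusts (assumed field name)


@dataclass(frozen=True)
class User:
    email: str
    org_slugs: FrozenSet[str]  # organizations the user is a member of (assumed field name)


@dataclass(frozen=True)
class SamlLogin:
    issuer: str    # Issuer element of the SAML assertion
    email: str     # NameID / email attribute asserted by the IdP
    org_slug: str  # organization whose SSO endpoint received the assertion


# Constructed sample data: two organizations on one instance, each with its own IdP.
ORGS: Dict[str, Organization] = {
    "acme": Organization("acme", "https://idp.acme.example/metadata"),
    "rogue": Organization("rogue", "https://idp.rogue.example/metadata"),
}
USERS: Dict[str, User] = {
    "alice@acme.example": User("alice@acme.example", frozenset({"acme"})),
    "mallory@rogue.example": User("mallory@rogue.example", frozenset({"rogue"})),
}

# Constructed login records: one legitimate, one cross-organization impersonation
# attempt through the "rogue" organization's own IdP, one from an unknown issuer.
SAMPLE_LOGINS: List[SamlLogin] = [
    SamlLogin("https://idp.acme.example/metadata", "alice@acme.example", "acme"),
    SamlLogin("https://idp.rogue.example/metadata", "alice@acme.example", "rogue"),
    SamlLogin("https://idp.unknown.example/metadata", "alice@acme.example", "acme"),
]


def resolve_user_unscoped(login: SamlLogin, users: Dict[str, User]) -> Optional[User]:
    """Unsafe pattern: any trusted IdP's assertion selects an instance-wide account by email alone."""
    return users.get(login.email)


def resolve_user_scoped(login: SamlLogin, orgs: Dict[str, Organization],
                        users: Dict[str, User]) -> Optional[User]:
    """Hardened: the issuer must be the target organization's IdP, and the asserted
    user must already be a member of that organization."""
    org = orgs.get(login.org_slug)
    if org is None or login.issuer != org.idp_entity_id:
        return None
    user = users.get(login.email)
    if user is None or org.slug not in user.org_slugs:
        return None
    return user


def audit_logins(logins: List[SamlLogin], orgs: Dict[str, Organization],
                 users: Dict[str, User]) -> List[Tuple[SamlLogin, str]]:
    """Apply the scoped check to recorded logins and return (login, reason) for each
    record that should not have authenticated the asserted user for that organization."""
    findings: List[Tuple[SamlLogin, str]] = []
    for login in logins:
        org = orgs.get(login.org_slug)
        if org is None:
            findings.append((login, "unknown organization"))
        elif login.issuer != org.idp_entity_id:
            findings.append((login, f"issuer {login.issuer} is not the IdP configured for {org.slug}"))
        elif login.email not in users or org.slug not in users[login.email].org_slugs:
            findings.append((login, f"{login.email} is not a member of {org.slug}"))
    return findings


if __name__ == "__main__":
    for login in SAMPLE_LOGINS:
        unscoped = resolve_user_unscoped(login, USERS)
        scoped = resolve_user_scoped(login, ORGS, USERS)
        print(f"{login.org_slug:6} {login.issuer:40} unscoped={unscoped and unscoped.email} scoped={scoped and scoped.email}")
    for login, reason in audit_logins(SAMPLE_LOGINS, ORGS, USERS):
        print(f"FINDING org={login.org_slug} email={login.email}: {reason}")
```

The second sample record is the pattern worth alerting on: the issuer is a legitimately configured IdP, but for an organization the asserted user does not belong to. An audit that only checks whether the issuer is known will not catch it; the membership check is what ties the assertion to the organization that trusts that IdP.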
Exploitation status
Public Exploit Available: No
Analyst recommendation
Updating to version 26.2.0 is the most effective way to mitigate this risk. Additionally, administrators should strongly encourage or enforce 2FA for all users, as it provides a critical second layer of defense against account takeover vulnerabilities like this one.