CVE-2026-42354
Sentry · Sentry
Sentry's SAML SSO implementation is vulnerable to an account takeover flaw when using a malicious SAML Identity Provider.
Executive summary
A critical vulnerability in Sentry's SAML SSO implementation allows attackers to take over user accounts by exploiting cross-organization trust.
Vulnerability
The SAML SSO logic fails to properly isolate organizations, allowing a malicious SAML Identity Provider to impersonate users from another organization on the same instance.
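To make the isolation requirement concrete, here is an added example that is not Sentry's code and does not reproduce the actual defect; it contrasts a hypothetical identity-resolution step that matches a SAML subject across all organizations on an instance with one that binds the assertion to the Identity Provider registered for the target organization. The data model (`SamlAssertion`), the per-organization IdP table, the identity store and the function names are assumptions constructed for the illustration; the sample values are constructed as well.

```python
"""Organization-scoped SAML assertion handling (illustrative, not Sentry's code).

The assertion is assumed to have already passed signature validation against
the issuer's published certificate; the question shown here is what happens
after that step, when the asserted subject is mapped to a local user.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class SamlAssertion:
    issuer: str      # entity ID of the IdP that signed the assertion (assumed field)
    name_id: str     # subject NameID asserted by that IdP (an email here)
    target_org: str  # organization the user is signing in to (assumed field)


# Constructed: each organization on the instance trusts exactly one IdP.
ORG_IDP = {
    "acme": "https://idp.acme.example/saml/metadata",
    "globex": "https://idp.globex.example/saml/metadata",
}

# Constructed identity store: existing SSO links keyed by (organization, NameID).
IDENTITIES = {
    ("acme", "alice@acme.example"): 1001,
    ("globex", "bob@globex.example"): 2002,
}


def resolve_identity_unscoped(assertion: SamlAssertion):
    """Weak pattern: the issuer is trusted (its signature verified), but the
    subject is matched by NameID alone across every organization. Any IdP
    trusted by one organization can then assert a NameID that exists in
    another organization and be mapped to that user."""
    for (org, name_id), user_id in IDENTITIES.items():
        if name_id == assertion.name_id:
            return user_id
    return None


def resolve_identity_isolated(assertion: SamlAssertion):
    """Hardened pattern: accept the assertion only from the IdP registered for
    the target organization, and scope the identity lookup to that
    organization. An assertion from another organization's IdP, however valid
    its signature, resolves to nothing."""
    expected_issuer = ORG_IDP.get(assertion.target_org)
    if expected_issuer is None or assertion.issuer != expected_issuer:
        return None
    return IDENTITIES.get((assertion.target_org, assertion.name_id))


def audit_sso_events(events):
    """Review helper for the kind of log audit the remediation section asks
    for: flag any sign-in where the signing IdP is not the one registered for
    the organization being accessed. Returns a list of (event index, reason)."""
    findings = []
    for i, ev in enumerate(events):
        expected = ORG_IDP.get(ev.target_org)
        if expected is None:
            findings.append((i, f"no IdP registered for org {ev.target_org!r}"))
        elif ev.issuer != expected:
            findings.append((i, f"issuer {ev.issuer!r} is not the IdP for org {ev.target_org!r}"))
    return findings


if __name__ == "__main__":
    # Constructed events: a legitimate acme sign-in, then the globex IdP
    # asserting an acme user while targeting the acme organization.
    legit = SamlAssertion(ORG_IDP["acme"], "alice@acme.example", "acme")
    cross = SamlAssertion(ORG_IDP["globex"], "alice@acme.example", "acme")
    print("unscoped:", resolve_identity_unscoped(legit), resolve_identity_unscoped(cross))
    print("isolated:", resolve_identity_isolated(legit), resolve_identity_isolated(cross))
    print("audit:", audit_sso_events([legit, cross]))
```

The difference between the two resolvers is the tuple the identity is keyed on: `(organization, NameID)` together with a check that the issuer is the organization's own IdP, rather than the NameID by itself. The audit helper applies the same test to historical sign-in records, which is the review the remediation section recommends.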
Business impact
With a CVSS score of 9.1, this allows attackers to gain unauthorized access to sensitive Sentry data, including API keys and performance metrics. This is a severe threat to the confidentiality of organizational data stored within Sentry.
Remediation
Immediate Action: Update Sentry to version 26.4.1 or later.
Proactive Monitoring: Audit SAML configuration and review logs for suspicious SSO login events, particularly those involving multiple organizations.
Compensating Controls: If immediate patching is not possible, temporarily disable SAML SSO and enforce strong multi-factor authentication for all users.
Exploitation status
Public Exploit Available: No
Analyst recommendation
Account takeover vulnerabilities in SSO providers are high-impact events. Organizations should prioritize this update to ensure the integrity of their identity and access management.