CRITICAL
getsentry
CVE published 2026-05-08
CVE-2026-42354
A critical authentication bypass vulnerability exists in Sentry's SAML SSO implementation, affecting versions 21.12.0 through 26.4.0. The flaw allows account takeover via malicious SAML Identity Provider manipulation when targeting known email addresses on shared Sentry instances. The vulnerability stems from improper validation of SAML assertions (CWE-290), enabling attackers to authenticate as arbitrary [truncated]