CVE-2026-26004
- Source
- https://cve.org/CVERecord?id=CVE-2026-26004
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-26004.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-26004
- Published
- 2026-03-17T23:21:35.460Z
- Modified
- 2026-04-10T05:40:52.834913Z
- Severity
-
- 5.7 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator
- Summary
- Sentry allows unauthorized access to event data across organizational boundaries
- Details
-
Sentry is a developer-first error tracking and performance monitoring tool. Versions prior to 26.1.0 have a cross-organization Insecure Direct Object Reference (IDOR) vulnerability in Sentry's GroupEventJsonView endpoint. Version 26.1.0 patches the issue.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/26xxx/CVE-2026-26004.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-639" ] }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/26xxx/CVE-2026-26004.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-26004
- https://securitylab.github.com/advisories/GHSL-2025-130_Sentry/
- https://github.com/getsentry/sentry/commit/45bc78fd57514a04eb62e73dd1eeb3ca2d723997
- https://github.com/getsentry/sentry/pull/105601
Affected packages
Git / github.com/getsentry/sentry
Affected ranges
- Type
- GIT
- Repo
- https://github.com/getsentry/sentry
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.10.0
1.10.1
1.11.0
1.11.1
1.11.2
1.11.3
1.4.3
1.6.2
1.6.4
1.6.5
1.6.7
1.6.8
1.6.8.1
1.7.3
1.8.8
2.*
2.0.0
2.0.0-RC5
2.0.0-RC7
2.0.0-RC9
2.0.1
2.0.2
2.1.0
2.1.1
2.1.2
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.3.0
2.3.1
2.3.2
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.5.0
2.5.1
2.5.2
2.6.0
2.6.1
2.6.2
2.7.0
2.8.0
2.8.1
2.9.0
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.2.0
3.3.0
3.3.1
3.3.2
3.4.0
3.4.1
3.4.2
3.5.0
3.5.1
3.5.2
3.5.3
3.5.5
3.5.6
3.5.7
3.5.8
3.5.9
3.6.0
3.6.1
3.6.2
3.6.3
3.6.4
3.7.0
3.7.1
3.7.2
3.7.3
3.7.4
3.8.0
3.8.1
4.*
4.0.0
4.0.10
4.0.11
4.0.12
4.0.13
4.0.14
4.0.15
4.0.16
4.0.17
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.1.7
4.10.0
4.2.0
4.2.1
4.2.2
4.2.4
4.2.5
4.3.0
4.3.1
4.3.2
4.3.3
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.4.6
4.5.0
4.5.1
4.5.2
4.5.3
4.5.4
4.5.5
4.5.6
4.5.7
4.6.0
4.7.0
4.7.1
4.7.2
4.7.3
4.7.4
4.7.7
4.8.0
4.8.1
4.8.2
4.8.3
4.8.4
4.8.5
4.8.6
4.9.0
4.9.4
4.9.5
4.9.6
4.9.7
4.9.7.1
4.9.8
5.*
5.1.0
5.1.1
5.1.1.1
5.1.1.2
5.1.2
5.1.3
5.1.4
5.1.5
5.2.0
5.2.1
5.3.0
5.3.1
5.3.2
5.3.3
6.*
6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.1.0
6.1.1
6.1.2
6.2.0
6.2.1
6.2.2
6.2.3
8.*
8.0.0
8.0.0-rc1
8.1.0
v1.*
v1.10.0
v1.10.1
v1.11.0
v1.11.1
v1.11.2
v1.11.3
v1.6.2
v1.6.4
v1.6.5
v1.6.7
v1.6.8
v1.6.8.1
v1.7.3
v1.8.8