Unrated severityNVD Advisory· Published Mar 17, 2026· Updated Mar 18, 2026
Sentry allows unauthorized access to event data across organizational boundaries
CVE-2026-26004
Description
Sentry is a developer-first error tracking and performance monitoring tool. Versions prior to 26.1.0 have a cross-organization Insecure Direct Object Reference (IDOR) vulnerability in Sentry's GroupEventJsonView endpoint. Version 26.1.0 patches the issue.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/getsentry/sentry/commit/45bc78fd57514a04eb62e73dd1eeb3ca2d723997mitrex_refsource_MISC
- github.com/getsentry/sentry/pull/105601mitrex_refsource_MISC
- securitylab.github.com/advisories/GHSL-2025-130_Sentry/mitrex_refsource_CONFIRM
News mentions
6- CISA gives feds four days to patch Ivanti flaw exploited as zero-dayBleepingComputer · May 8, 2026
- Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973)Help Net Security · May 8, 2026
- Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level AccessThe Hacker News · May 7, 2026
- Ivanti warns of new EPMM flaw exploited in zero-day attacksBleepingComputer · May 7, 2026
- The AI engineering stack we built internally — on the platform we shipCloudflare Blog · Apr 20, 2026
- Mobile app permissions (still) matter more than you may thinkESET WeLiveSecurity · Feb 27, 2026