CVE-2026-52794

Description

Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Sentry's event ingestion pipeline, where a regex applied to attacker-controlled fields on incoming events can be made to consume disproportionate CPU time. This vulnerability is fixed in 26.5.2.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected products

getsentry / sentry>= 24.4.0, < 26.5.2 – >= 24.4.0, < 26.5.2

References

VENDOR_ADVISORYhttps://github.com/getsentry/sentry/security/advisories/GHSA-jjqr-wqg2-p856
PATCHhttps://github.com/getsentry/sentry/pull/116587