CVE Catalog

CVE-2026-52794

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

18th percentile — higher than 18% of all known CVEs

Summary

Sentry is an error tracking and performance monitoring tool. From version 24.4.0 to 26.5.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Sentry's event ingestion pipeline, where a regex applied to attacker-controlled fields on incoming events can be made to consume disproportionate CPU time.

Risk Assessment

An attacker can send specially crafted events causing excessive CPU consumption on the Sentry server, leading to denial of service (DoS) and disruption of error monitoring for the organization.

Recommendation

Immediately upgrade Sentry to version 26.5.2 or later, which contains the fix for the ReDoS vulnerability.

Original NVD description (English source)

Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Sentry's event ingestion pipeline, where a regex applied to attacker-controlled fields on incoming events can be made to consume disproportionate CPU time. This vulnerability is fixed in 26.5.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS