CVE-2026-52794
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk18th percentile — higher than 18% of all known CVEs
Summary
Sentry is an error tracking and performance monitoring tool. From version 24.4.0 to 26.5.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Sentry's event ingestion pipeline, where a regex applied to attacker-controlled fields on incoming events can be made to consume disproportionate CPU time.
Risk Assessment
An attacker can send specially crafted events causing excessive CPU consumption on the Sentry server, leading to denial of service (DoS) and disruption of error monitoring for the organization.
Recommendation
Immediately upgrade Sentry to version 26.5.2 or later, which contains the fix for the ReDoS vulnerability.
Original NVD description (English source)
Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Sentry's event ingestion pipeline, where a regex applied to attacker-controlled fields on incoming events can be made to consume disproportionate CPU time. This vulnerability is fixed in 26.5.2.

