Sentry

This hub aggregates every CVE we track for Sentry, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Sentry.

• CVE-2026-10523An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative ...9.9Jun 9, 2026
• CVE-2026-10520An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code executionKEV10.0Jun 9, 2026
• CVE-2021-47935Sentry 8.2.0 Remote Code Execution via Pickle Deserialization8.8May 10, 2026
• CVE-2026-42354Sentry: Improper authentication on SAML SSO process allows user identity linking9.1May 8, 2026
• CVE-2026-26004Sentry allows unauthorized access to event data across organizational boundaries6.5Mar 17, 2026
• CVE-2026-27197Sentry: Improper Authentication on SAML SSO process allows user identity linking9.1Feb 21, 2026
• CVE-2023-39338Enables an authenticated user (enrolled device) to access a service protected by Sentry even if they are not authorized according to the sentry policy to access that service. It does not enable the...6.8Jul 12, 2025
• CVE-2025-53099Sentry Missing Invalidation of Authorization Codes During OAuth Exchange and Revocation7.5Jul 1, 2025
• CVE-2025-53073In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and perform unauthorized actions (such as adding a comment) without being a member of the project's ...4.2Jun 24, 2025
• CVE-2025-22146Improper authentication on SAML SSO process allows user impersonation in sentry9.1Jan 15, 2025
• CVE-2024-8540Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application components.8.8Dec 10, 2024
• CVE-2024-53253Sentry's improper error handling leaks Application Integration Client Secret5.3Nov 22, 2024
• CVE-2024-48743Cross Site Scripting vulnerability in Sentry v.6.0.9 allows a remote attacker to execute arbitrary code via the z parameter.6.5Oct 25, 2024
• CVE-2024-10276Telestream Sentry Reports Page page cross site scripting3.5Oct 23, 2024
• CVE-2024-45605Improper authorization on deletion of user issue alert notifications in sentry6.5Sep 17, 2024