Vulnerability Details CVE-2026-52794
Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Sentry's event ingestion pipeline, where a regex applied to attacker-controlled fields on incoming events can be made to consume disproportionate CPU time. This vulnerability is fixed in 26.5.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 19.6%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2026-52794
-
cpe:2.3:a:sentry:sentry:24.10.0
-
cpe:2.3:a:sentry:sentry:24.11.0
-
cpe:2.3:a:sentry:sentry:24.11.1
-
cpe:2.3:a:sentry:sentry:24.11.2
-
cpe:2.3:a:sentry:sentry:24.12.0
-
cpe:2.3:a:sentry:sentry:24.12.1
-
cpe:2.3:a:sentry:sentry:24.12.2
-
cpe:2.3:a:sentry:sentry:24.4.0
-
cpe:2.3:a:sentry:sentry:24.4.1
-
cpe:2.3:a:sentry:sentry:24.4.2
-
cpe:2.3:a:sentry:sentry:24.5.0
-
cpe:2.3:a:sentry:sentry:24.5.1
-
cpe:2.3:a:sentry:sentry:24.6.0
-
cpe:2.3:a:sentry:sentry:24.7.0
-
cpe:2.3:a:sentry:sentry:24.7.1
-
cpe:2.3:a:sentry:sentry:24.8.0
-
cpe:2.3:a:sentry:sentry:24.9.0
-
cpe:2.3:a:sentry:sentry:25.1.0
-
cpe:2.3:a:sentry:sentry:25.10.0
-
cpe:2.3:a:sentry:sentry:25.11.0
-
cpe:2.3:a:sentry:sentry:25.11.1
-
cpe:2.3:a:sentry:sentry:25.12.0
-
cpe:2.3:a:sentry:sentry:25.12.1
-
cpe:2.3:a:sentry:sentry:25.2.0
-
cpe:2.3:a:sentry:sentry:25.3.0
-
cpe:2.3:a:sentry:sentry:25.4.0
-
cpe:2.3:a:sentry:sentry:25.5.0
-
cpe:2.3:a:sentry:sentry:25.5.1
-
cpe:2.3:a:sentry:sentry:25.6.0
-
cpe:2.3:a:sentry:sentry:25.6.1
-
cpe:2.3:a:sentry:sentry:25.6.2
-
cpe:2.3:a:sentry:sentry:25.7.0
-
cpe:2.3:a:sentry:sentry:25.8.0
-
cpe:2.3:a:sentry:sentry:25.9.0
-
cpe:2.3:a:sentry:sentry:26.1.0
-
cpe:2.3:a:sentry:sentry:26.2.0
-
cpe:2.3:a:sentry:sentry:26.2.1