CVE-2026-52794 | Sentry is an error tracking and performance monitoring tool.… | CVSS 7.5 HIGH

Description

Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Sentry's event ingestion pipeline, where a regex applied to attacker-controlled fields on incoming events can be made to consume disproportionate CPU time. This vulnerability is fixed in 26.5.2.

Metadata

CVE ID: CVE-2026-52794
State: PUBLISHED
Assigner: GitHub_M
Reserved: 2026-06-08 18:02 UTC
Published: 2026-06-24 21:26 UTC
Last updated: 2026-06-24 21:26 UTC
Primary CWE: CWE-1333
CWE-1333: Inefficient Regular Expression Complexity
Vendor / Product: getsentry / sentry
Sources: cve.org · NVD

Severity & Metrics

7.5 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products (1)

Vendor	Product	Platform	Versions
getsentry	sentry	—	>= 24.4.0, < 26.5.2

Weakness (CWE)

CWE	Source	Description
CWE-1333	cna	CWE-1333: Inefficient Regular Expression Complexity

CVSS scores (1)

Score	Severity	Version	Source	Vector
7.5	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (2)

https://github.com/getsentry/sentry/security/advisories/GHSA-jjqr-wqg2-p856 https://github.com/getsentry/sentry/security/advisories/GHSA-jjqr-wqg2-p856
https://github.com/getsentry/sentry/pull/116587 https://github.com/getsentry/sentry/pull/116587