CVE-2026-52794
Received - Intake
BaseFortify

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: GitHub, Inc.

Description
Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Sentry's event ingestion pipeline, where a regex applied to attacker-controlled fields on incoming events can be made to consume disproportionate CPU time. This vulnerability is fixed in 26.5.2.
Meta Information

Published: 2026-06-24

Last Modified: 2026-06-24

Generated: 2026-06-25

AI Q&A: 2026-06-25

EPSS Evaluated: N/A
Affected Vendors & Products

Vendor: sentry

Product: sentry

Version / Range: From 24.4.0 (inc) to 26.5.2 (inc)
CWE
CWE-1333: The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
Executive Summary

This vulnerability is a Regular Expression Denial of Service (ReDoS) issue in Sentry's event ingestion pipeline. It occurs because a regular expression is applied to fields in incoming events that can be controlled by an attacker. By crafting specific input, an attacker can cause the regex to consume excessive CPU resources, leading to a denial of service.

Impact Analysis

The vulnerability can cause a denial of service by making the system consume disproportionate CPU time when processing attacker-controlled input. This can degrade performance or make the Sentry service unavailable, impacting monitoring and error tracking capabilities.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Sentry to version 26.5.2 or later, where the Regular Expression Denial of Service (ReDoS) issue has been fixed.
