CVE-2026-52794: CWE-1333: Inefficient Regular Expression Complexity in getsentry sentry
Sentry versions from 24.4.0 up to but not including 26.5.2 contain a Regular Expression Denial of Service (ReDoS) vulnerability in the event ingestion pipeline. This vulnerability arises from a regex applied to attacker-controlled fields that can consume excessive CPU resources. The issue is fixed in version 26.5.2. The vulnerability has a high severity with a CVSS score of 7.5 and impacts availability without affecting confidentiality or integrity.
AI Analysis
Technical Summary
CVE-2026-52794 is a Regular Expression Denial of Service (ReDoS) vulnerability in getsentry's Sentry affecting versions from 24.4.0 up to but not including 26.5.2. In the event ingestion pipeline, a regular expression applied to attacker-controlled input fields can consume a disproportionate amount of CPU, leading to denial of service. The vulnerability is fixed in version 26.5.2. No known exploits in the wild have been reported. The CVSS v3.1 score is 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H): the vector describes a network-reachable, low-complexity attack that requires no privileges or user interaction, with high impact on availability and no impact on confidentiality or integrity.
Potential Impact
Successful exploitation of this vulnerability can cause a denial of service by consuming excessive CPU resources on the affected system, impacting availability. There is no impact on confidentiality or integrity according to the CVSS vector. No known exploits have been reported in the wild.
Mitigation Recommendations
A fix is available in Sentry version 26.5.2. Users should upgrade to version 26.5.2 or later to remediate this vulnerability. Patch status is confirmed by the vendor advisory stating the issue is fixed in 26.5.2. Until upgrading, consider limiting exposure of the event ingestion pipeline to untrusted inputs if possible.
CVSS v3.1
Score: 7.5 (High)
Affected software
pkg:github/getsentry/sentry
Weaknesses
CWE-1333: Inefficient Regular Expression Complexity
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-06-08T18:02:19.731Z
- Cvss Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a3c501d4853345fc1e45bc4
Added to database: 06/24/2026, 21:46:05 UTC
Last enriched: 06/24/2026, 22:03:04 UTC
Last updated: 06/25/2026, 04:22:46 UTC