High severity8.8NVD Advisory· Published May 10, 2026· Updated May 14, 2026
CVE-2021-47935
CVE-2021-47935
Description
Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint with base64-encoded compressed pickle payloads in the data field to achieve code execution with application privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
sentryPyPI | < 8.1.4 | 8.1.4 |
sentryPyPI | >= 8.2.0, < 8.2.2 | 8.2.2 |
Affected products
4- Range: =8.2.0
Patches
Vulnerability mechanics
References
9- www.exploit-db.com/exploits/50318nvdExploitVDB EntryWEB
- github.com/advisories/GHSA-444r-2whx-3685ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-47935ghsaADVISORY
- www.vulncheck.com/advisories/sentry-remote-code-execution-via-pickle-deserializationnvdThird Party AdvisoryWEB
- github.com/getsentry/sentry/commit/19a0ba63d9ffb6aff79c7b78e2fa951a94edd61aghsaWEB
- github.com/getsentry/sentry/commit/1f6090dc64b237c3da22bf35a5863a7136ac4669ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/sentry/PYSEC-2026-131.yamlghsaWEB
- sentry.io/welcomeghsaWEB
- sentry.io/welcome/nvdProduct
News mentions
0No linked articles in our index yet.