High severity 8.8 · NVD Advisory · Published May 10, 2026 · Updated May 14, 2026
CVE-2021-47935
Description
Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint with base64-encoded compressed pickle payloads in the data field to achieve code execution with application privileges.
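A defensive sketch of the decoding step described above, added here as an example and not taken from Sentry's code or the advisory: it decodes a base64-encoded, compressed pickle field with an unpickler that refuses every global lookup. zlib as the compression, the names `decode_field`, `NoGlobalsUnpickler` and `is_accepted`, and the sample values are assumptions.

```python
import base64
import io
import pickle
import zlib


class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that refuses every class/function lookup.

    Running code from a pickle requires resolving an importable callable,
    and every such lookup goes through find_class. Denying it leaves only
    plain containers and scalars loadable.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def decode_field(blob: str, max_size: int = 1 << 20):
    """Decode base64 + zlib (assumed) + pickle without resolving globals."""
    raw = base64.b64decode(blob, validate=True)
    inflater = zlib.decompressobj()
    data = inflater.decompress(raw, max_size)  # cap output size
    if inflater.unconsumed_tail:
        raise ValueError("decompressed data exceeds size limit")
    return NoGlobalsUnpickler(io.BytesIO(data)).load()


def is_accepted(blob: str) -> bool:
    """True if the field decodes to plain data, False if it is rejected."""
    try:
        decode_field(blob)
        return True
    except (pickle.UnpicklingError, ValueError, zlib.error):
        return False


def _encode(obj) -> str:
    # Helper used only to build the constructed samples below.
    return base64.b64encode(zlib.compress(pickle.dumps(obj))).decode()


# Constructed samples: a plain dict, and a pickle that merely *references*
# a global (builtins.print) without calling anything.
PLAIN = _encode({"ip_address": "203.0.113.7", "actor": 1})
REFERENCES_GLOBAL = _encode(print)
```

Storing such fields in a data-only format such as JSON removes the need for pickle entirely; the restricted unpickler only limits what legacy pickled data can do.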
Affected products
1
Patches
0
No patches discovered yet.
References
3
- www.exploit-db.com/exploits/50318 (nvd: Exploit, VDB Entry)
- www.vulncheck.com/advisories/sentry-remote-code-execution-via-pickle-deserialization (nvd: Third Party Advisory)
- sentry.io/welcome/ (nvd: Product)