8.7

CVE-2021-47935: Sentry 8.2.0 allows superusers to execute malicious code

CVE-2021-47935
Summary

An authenticated superuser in Sentry 8.2.0 can execute arbitrary code on the server by submitting a crafted pickle-serialized object in the data field of a request to the admin audit log endpoint. This means that if an attacker gains access to a superuser's account, they can potentially take control of the system. To protect your system, update Sentry to the latest version or restrict superuser access until the issue is fixed.

Original title
Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log...
Original description
Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint with base64-encoded compressed pickle payloads in the data field to achieve code execution with application privileges.
nvd CVSS3.1 8.8
nvd CVSS4.0 8.7
Vulnerability type
CWE-94 Code Injection
Published: 10 May 2026 · Updated: 30 May 2026 · First seen: 10 May 2026
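
For defenders reviewing stored or logged `data` values of the kind the description mentions, the following added example (not Sentry's code and not part of the original advisory) classifies a field by walking its pickle opcodes with `pickletools` instead of unpickling it. It assumes the encoding is base64 over zlib-compressed pickle; the function names, the size cap and the sample values are constructed for illustration.

```python
import base64
import pickle
import pickletools
import zlib
from collections import OrderedDict

# Opcodes that import a name or invoke a callable while a pickle is loaded.
# Plain containers, strings and numbers never need them.
RISKY_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ", "NEWOBJ",
                 "NEWOBJ_EX", "BUILD", "EXT1", "EXT2", "EXT4"}
MAX_DECOMPRESSED = 1 << 20  # assumed cap (1 MiB) against decompression bombs


def encode_field(obj):
    """Build a constructed sample value: base64(zlib(pickle(obj)))."""
    blob = pickle.dumps(obj, protocol=2)
    return base64.b64encode(zlib.compress(blob)).decode("ascii")


def inspect_field(value):
    """Return (verdict, risky opcode names) without ever calling pickle.loads."""
    try:
        raw = base64.b64decode(value, validate=True)
        inflater = zlib.decompressobj()
        data = inflater.decompress(raw, MAX_DECOMPRESSED)
        if inflater.unconsumed_tail:
            return "reject:too-large", []
        # genops only parses the opcode stream; it does not execute it.
        seen = {op.name for op, _arg, _pos in pickletools.genops(data)}
    except (ValueError, zlib.error):
        return "reject:malformed", []
    risky = sorted(seen & RISKY_OPCODES)
    return ("reject:code-capable" if risky else "plain-data"), risky


if __name__ == "__main__":
    samples = {
        "plain dict": encode_field({"ip": "10.0.0.1", "count": 3}),
        # Harmless object, but its pickle imports and calls a callable.
        "OrderedDict": encode_field(OrderedDict(a=1)),
        "garbage": "not base64!!",
    }
    for label, field in samples.items():
        print(label, inspect_field(field))
```

A `reject:code-capable` verdict means only that the stream can import and call something when loaded, so it is a triage signal; the durable fix remains not unpickling request-supplied data.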