CVE-2021-47935
Published 2026-05-10
Priority P263, high, 8.8 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.93% (56.0th percentile)
Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint with base64-encoded compressed pickle payloads in the data field to achieve code execution with application privileges.
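A defender-side check for the field described above, as an added example that is not Sentry's code or part of the advisory: it walks the pickle opcode stream with `pickletools.genops` instead of calling `pickle.loads`, and flags any opcode that imports or calls an object. The zlib compression layer, the function names and the sample values are assumptions constructed for illustration.

```python
import base64
import binascii
import pickle
import pickletools
import zlib
from collections import OrderedDict

# Opcodes that import a callable or invoke one during unpickling.
# Plain data (dicts, lists, strings, numbers) never needs them.
RISKY_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
                 "NEWOBJ", "NEWOBJ_EX", "BUILD", "EXT1", "EXT2", "EXT4"}
MAX_DECOMPRESSED = 1 << 20  # output cap, guards against decompression bombs


def inspect_data_field(value):
    """Classify a base64(zlib(pickle)) field without ever unpickling it.

    Returns (verdict, findings): verdict is 'not-pickle', 'data-only' or
    'suspicious'; findings lists the risky opcodes (or the reason) seen.
    """
    try:
        raw = base64.b64decode(value, validate=True)
        inflater = zlib.decompressobj()
        blob = inflater.decompress(raw, MAX_DECOMPRESSED)
    except (binascii.Error, ValueError, zlib.error):
        return "not-pickle", []
    if not inflater.eof:  # stream is truncated or larger than the cap
        return "suspicious", ["INCOMPLETE_OR_OVERSIZE"]
    try:
        seen = {op.name for op, _arg, _pos in pickletools.genops(blob)}
    except Exception:  # malformed opcode stream: not a usable pickle
        return "not-pickle", []
    risky = sorted(seen & RISKY_OPCODES)
    return ("suspicious" if risky else "data-only"), risky


def encode_field(obj):
    """Build a constructed sample with the same base64(zlib(pickle)) layering."""
    return base64.b64encode(zlib.compress(pickle.dumps(obj, protocol=2))).decode()


# Constructed, benign samples: a plain dict, and an object whose pickle
# needs an import plus a call (the same opcodes a hostile payload relies on).
PLAIN_SAMPLE = encode_field({"actor": "admin", "ip": "192.0.2.10"})
OBJECT_SAMPLE = encode_field(OrderedDict(actor="admin"))
```

Run against stored audit log rows or captured request bodies, a `suspicious` verdict marks a value that would import or call an object if it were unpickled, which plain audit data has no reason to do.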
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sentry | sentry | — | — |
| sentry | sentry | >= 0 < 8.1.4 | 8.1.4 |
| sentry | sentry | >= 8.2.0 < 8.2.2 | 8.2.2 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 8.7 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
GHSA
GHSA-444r-2whx-3685: Sentry 8
ghsa_unreviewed·2026-05-10
CVE-2021-47935 [HIGH] CWE-94 GHSA-444r-2whx-3685: Sentry 8
GHSA
Sentry: Superusers can execute arbitrary commands by injecting malicious pickle-serialized objects through audit log entry data parameter
ghsa·2026-05-10
CVE-2021-47935 [HIGH] CWE-94 Sentry: Superusers can execute arbitrary commands by injecting malicious pickle-serialized objects through audit log entry data parameter
VulDB
Sentry 8.2.0 Admin Audit Log Endpoint code injection (Exploit 50318 / EDB-50318)
vuldb·2026-05-10·CVSS 8.7
CVE-2021-47935 [HIGH] Sentry 8.2.0 Admin Audit Log Endpoint code injection (Exploit 50318 / EDB-50318)
A vulnerability identified as critical has been detected in Sentry 8.2.0. This vulnerability affects unknown code of the component Admin Audit Log Endpoint. This manipulation causes code injection.
This vulnerability is tracked as CVE-2021-47935. The attack can be carried out remotely. Moreover, an exploit is present.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-05-10