PYSEC-2026-131

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/sentry/PYSEC-2026-131.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-131
Aliases
  • CVE-2021-47935
Published
2026-05-10T13:16:29.693Z
Modified
2026-05-21T15:00:27.065617604Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint with base64-encoded compressed pickle payloads in the data field to achieve code execution with application privileges.

References

Affected packages

PyPI / sentry

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
8.2.0

Affected versions

2.*
2.0.0-Alpha1
2.0.0-RC5
2.0.0-RC6
2.0.0-RC7
2.0.0
2.0.1
2.0.2
2.1.0
2.1.1
2.1.2
2.1.3
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.3.0
2.3.1
2.3.2
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.5.0
2.5.1
2.5.2
2.6.0
2.6.1
2.6.2
2.7.0
2.8.0
2.8.1
2.8.2
2.9.0
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.2.0
3.3.0
3.3.1
3.3.2
3.4.0
3.4.1
3.4.2
3.5.0
3.5.1
3.5.2
3.5.3
3.5.4
3.5.5
3.5.6
3.5.7
3.5.8
3.5.9
3.6.0
3.6.1
3.6.2
3.6.3
3.6.4
3.7.0
3.7.1
3.7.2
3.7.3
3.7.4
3.8.0
3.8.1
3.8.2
4.*
4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.0.11
4.0.12
4.0.13
4.0.14
4.0.15
4.0.16
4.0.17
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.1.7
4.2.0
4.2.1
4.2.2
4.2.4
4.2.5
4.3.0
4.3.1
4.3.2
4.3.3
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.4.6
4.5.0
4.5.1
4.5.2
4.5.3
4.5.4
4.5.4.1
4.5.4.2
4.5.5
4.5.6
4.5.7
4.6.0
4.7.0
4.7.1
4.7.2
4.7.3
4.7.4
4.7.5
4.7.6
4.7.7
4.7.8
4.7.9
4.8.0
4.8.1
4.8.2
4.8.3
4.8.4
4.8.5
4.8.6
4.9.0
4.9.1
4.9.2
4.9.3
4.9.4
4.9.5
4.9.6
4.9.7
4.9.7.1
4.9.8
4.10.0
5.*
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.0.8.1
5.0.9
5.0.10
5.0.11
5.0.11.1
5.0.12
5.0.13
5.0.14
5.0.15
5.0.16
5.0.16.1
5.0.17
5.0.17.1
5.0.17.2
5.0.18
5.0.18.1
5.0.18.2
5.0.19
5.0.20
5.0.20.1
5.0.21
5.1.0
5.1.1
5.1.1.1
5.1.1.2
5.1.2
5.1.3
5.1.4
5.1.5
5.2.0
5.2.1
5.2.2
5.3.0
5.3.1
5.3.2
5.3.3
5.3.4
5.4.0
5.4.1
5.4.2
5.4.3
5.4.4
5.4.5
5.4.6
5.4.7
5.5.0-DEV
6.*
6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.1.0
6.1.1
6.1.2
6.2.0
6.2.1
6.2.2
6.2.3
6.3.0
6.3.1
6.3.2
6.3.3
6.4.0
6.4.1
6.4.2
6.4.2.1
6.4.3
6.4.4
7.*
7.0.0
7.0.1
7.0.2
7.1.0
7.1.1
7.1.2
7.1.3
7.1.4
7.2.0
7.3.0
7.3.1
7.3.2
7.4.0
7.4.1
7.4.3
7.5.0
7.5.1
7.5.2
7.5.3
7.5.4
7.5.6
7.6.0
7.6.2
7.7.0
7.7.1
7.7.4
8.*
8.0.0rc1
8.0.0rc2
8.0.0
8.0.1
8.0.2
8.0.3
8.0.4
8.0.5
8.0.6
8.1.1
8.1.2
8.1.3
8.1.4
8.1.5
8.2.0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/sentry/PYSEC-2026-131.yaml"