Intel

AIKIDO-2026-549031

sentry-sdk is vulnerable to Insertion of Sensitive Information Into Sent Data

Insertion of Sensitive Information Into Sent Data Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published 6 days ago

25

Low Risk

This Affects:

PYTHONsentry-sdk
2.59.0 - 2.63.0
Fixed in 2.64.0
Are you affected? Scan for Free

TL;DR

Several HTTP integrations in the Sentry Python SDK record URL-derived span attributes such as url.full, url.path, url.query, and url.fragment when the experimental span-streaming trace lifecycle (trace_lifecycle set to stream) is enabled. In that mode these attributes are recorded on incoming request and outgoing client spans without checking send_default_pii, so full request URLs, path segments, and query strings are captured even when default PII collection is disabled. Query strings and paths can contain sensitive values such as tokens, session identifiers, or user identifiers, which are then transmitted to Sentry against the user's opt-out. The fix gates these URL attributes behind should_send_default_pii() so they are recorded only when PII collection is explicitly enabled.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range with the experimental span-streaming trace lifecycle enabled (_experiments={"trace_lifecycle": "stream"}) and one of the affected HTTP integrations (such as aiohttp, httpx, wsgi, stdlib, tornado, sanic, boto3, or pyreqwest) active.

Background info

sentry-sdk is vulnerable to Insertion of Sensitive Information Into Sent Data in versions 2.59.0 - 2.63.0.

How to fix this

Upgrade the sentry-sdk library to the patch version.