CVE-2026-30976

Severity: High
EPSS: 47.3%
CVSS 3.1 base score: 7.5 (High)
Published: Mar 25, 2026 (3mo ago) · Modified: Jun 17, 2026 (1w ago)

Description

Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950, an unauthenticated remote attacker can potentially read any file readable by the Sonarr process. These include application configuration files (containing API keys and database credentials), Windows system files, and any user-accessible files on the same drive. This issue only impacts Windows systems; macOS and Linux are unaffected. Files returned from the API were not limited to the directory on disk they were intended to be served from. This problem has been patched in 4.0.17.2950 in the nightly/develop branch or 4.0.17.2952 for stable/main releases. It's possible to work around the issue by only hosting Sonarr on a secure internal network and accessing it via VPN, Tailscale or a similar solution from outside that network.

CVSS Details

Base Score
7.5
Exploitability
3.9
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
47.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-22: Path Traversal (category: Resource Mgmt)

Affected Products 1

Vendor   Product   Version   Range
sonarr   sonarr    *         ≥4.0.0.741 – <4.0.17.2950

References 3

  • github.com https://github.com/Sonarr/Sonarr/releases/tag/v4.0.17.2950
    Release Notes
  • github.com https://github.com/Sonarr/Sonarr/releases/tag/v4.0.17.2952
    Release Notes
  • github.com https://github.com/Sonarr/Sonarr/security/advisories/GHSA-h393-v5hm-6h8f
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.