CVE-2026-44183
CRITICAL EPSS 12.7%
Published May 12, 20261mo ago · Modified Jun 17, 20261w ago
9.8 CVSS 3.1
Published May 12, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago
Description
Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.ResolveClientIp parses the leftmost entry of the X-Forwarded-For header as the client IP. That entry is attacker-controlled — X-Forwarded-For is append-only, so the leftmost value is whatever the original HTTP client claimed. By sending a spoofed local IP in the header, an unauthenticated remote attacker passes the trusted-network check and is logged in as the Cleanuparr administrator. This vulnerability is fixed in 2.9.10.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
12.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 2
CWE-290
CWE-348
References 1
- github.com https://github.com/Cleanuparr/Cleanuparr/security/advisories/GHSA-8q44-v65j-jc3q
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.