CVE-2026-30976

Published: Mar 25, 2026 Last Modified: Mar 25, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 8,6
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: changed
Confidentiality: high
Integrity: none
Availability: none

Description

AI Translation Available

Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950, an unauthenticated remote attacker can potentially read any file readable by the Sonarr process. These include application configuration files (containing API keys and database credentials), Windows system files, and any user-accessible files on the same drive This issue only impacts Windows systems; macOS and Linux are unaffected. Files returned from the API were not limited to the directory on disk they were intended to be served from. This problem has been patched in 4.0.17.2950 in the nightly/develop branch or 4.0.17.2952 for stable/main releases. It's possible to work around the issue by only hosting Sonarr on a secure internal network and accessing it via VPN, Tailscale or similar solution outside that network.

22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability
Potential Impacts:
Execute Unauthorized Code Or Commands Modify Files Or Directories Read Files Or Directories Dos: Crash, Exit, Or Restart
Applicable Platforms
Technologies: AI/ML
Likelihood of Exploit: High
View CWE Details
https://github.com/Sonarr/Sonarr/releases/tag/v4.0.17.2950
https://github.com/Sonarr/Sonarr/releases/tag/v4.0.17.2950
https://github.com/Sonarr/Sonarr/releases/tag/v4.0.17.2952
https://github.com/Sonarr/Sonarr/releases/tag/v4.0.17.2952
https://github.com/Sonarr/Sonarr/security/advisories/GHSA-h…
https://github.com/Sonarr/Sonarr/security/advisories/GHSA-h393-v5hm-6h8f