CVE-2026-30976

Published: Mar 25, 2026

Modified: Mar 26, 2026

PUBLISHED

CVSS v3.1

8.6

HIGH

Description

Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950, an unauthenticated remote attacker can potentially read any file readable by the Sonarr process. These include application configuration files (containing API keys and database credentials), Windows system files, and any user-accessible files on the same drive This issue only impacts Windows systems; macOS and Linux are unaffected. Files returned from the API were not limited to the directory on disk they were intended to be served from. This problem has been patched in 4.0.17.2950 in the nightly/develop branch or 4.0.17.2952 for stable/main releases. It's possible to work around the issue by only hosting Sonarr on a secure internal network and accessing it via VPN, Tailscale or similar solution outside that network.

Vendor	Product	Versions
Sonarr	Sonarr	affected `>= 4.0, < 4.0.17.2950`

Weaknesses (CWE)

CWE-22

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

References

https://github.com/Sonarr/Sonarr/security/advisories/GHSA-h393-v5hm-6h8f

x_refsource_CONFIRM

https://github.com/Sonarr/Sonarr/releases/tag/v4.0.17.2950

x_refsource_MISC

https://github.com/Sonarr/Sonarr/releases/tag/v4.0.17.2952

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-30976

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References