PT-2026-28129 · Sonarr · Sonarr

Bart +1 · Published 2026-03-25 · Updated 2026-03-26 · CVE-2026-30975

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Sonarr versions prior to 4.0.16.2942

Description

Sonarr is a PVR for Usenet and BitTorrent users. A flaw exists where authentication could be bypassed in versions with authentication disabled for local addresses (Authentication Required set to: Disabled for Local Addresses) if a reverse proxy was not in place or did not properly handle headers. The issue affects the Authentication Required setting.

Recommendations

Update to version 4.0.16.2942 or later. Ensure Sonarr's Authentication Required setting is set to Enabled. Run Sonarr behind a reverse proxy. Avoid exposing Sonarr directly to the internet; use a VPN or Tailscale instead.

Exploit

Fix

Authentication Bypass by Spoofing

Weakness Enumeration

Related identifiers

CVE-2026-30975
GHSA-H5QX-5HJF-7C9R

Affected products

Sonarr