Sonarr · Sonarr · CVE-2026-30975
**Name of the Vulnerable Software and Affected Versions**
Sonarr versions prior to 4.0.16.2942
**Description**
Sonarr is a PVR for Usenet and BitTorrent users. In affected versions, authentication could be bypassed on installations that have authentication disabled for local addresses (the `Authentication Required` setting set to `Disabled for Local Addresses`) if a reverse proxy was not in place or did not properly handle headers.
**Recommendations**
Update to version 4.0.16.2942 or later.
Ensure Sonarr's Authentication Required setting is set to `Enabled`.
Run Sonarr behind a reverse proxy.
Avoid exposing Sonarr directly to the internet; use a VPN or Tailscale instead.
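
The first two recommendations can be checked per installation with a short script. The following is an added example, not code from the advisory or from the Sonarr project. It assumes the setting is stored in Sonarr's `config.xml` as an `AuthenticationRequired` element with the values `Enabled` or `DisabledForLocalAddresses`, and that the operator supplies the installed version string; the sample configuration is constructed.

```python
import xml.etree.ElementTree as ET

FIXED_VERSION = (4, 0, 16, 2942)  # first fixed release named in the advisory

# Constructed sample; element names and values are assumptions about config.xml.
SAMPLE_CONFIG = """<Config>
  <Port>8989</Port>
  <AuthenticationMethod>Forms</AuthenticationMethod>
  <AuthenticationRequired>DisabledForLocalAddresses</AuthenticationRequired>
</Config>"""


def parse_version(text):
    """Turn a dotted version such as '4.0.15.2941' into a comparable tuple."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def audit(config_xml, installed_version):
    """Check one installation against the advisory's version and setting."""
    findings = []
    patched = parse_version(installed_version) >= FIXED_VERSION
    if not patched:
        findings.append("version %s is older than 4.0.16.2942" % installed_version)

    try:
        root = ET.fromstring(config_xml)
        required = (root.findtext("AuthenticationRequired") or "").strip()
    except ET.ParseError:
        required = ""
        findings.append("config.xml could not be parsed; check the setting in the UI")

    if required.lower() != "enabled":
        findings.append("AuthenticationRequired is %r, expected 'Enabled'"
                        % (required or "unset"))

    # The advisory's affected case: unpatched AND disabled for local addresses.
    affected = (not patched) and required.lower() == "disabledforlocaladdresses"
    return {"patched": patched, "auth_required": required,
            "affected": affected, "findings": findings}


if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIG, "4.0.15.2941")["findings"]:
        print("FINDING:", line)
```
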