CVE-2026-30976

Name of the Vulnerable Software and Affected Versions Sonarr versions prior to 4.0.17.2950

Description Sonarr is a PVR for Usenet and BitTorrent users. An unauthenticated remote attacker can potentially read any file readable by the Sonarr process. This includes application configuration files (containing API keys and database credentials) and Windows system files. This issue only impacts Windows systems. Files returned from the API were not limited to the directory on disk they were intended to be served from.

Recommendations Update to version 4.0.17.2950 or later.