Skip to main content

Apple CVE-2026-30976

| EUVDEUVD-2026-15992 HIGH
Path Traversal (CWE-22)
2026-03-25 GitHub_M
8.6
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:13 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
4.0.17.2950
EUVD ID Assigned
Mar 25, 2026 - 21:17 euvd
EUVD-2026-15992
Analysis Generated
Mar 25, 2026 - 21:17 vuln.today
CVE Published
Mar 25, 2026 - 21:11 nvd
HIGH 8.6

DescriptionGitHub Advisory

Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950, an unauthenticated remote attacker can potentially read any file readable by the Sonarr process. These include application configuration files (containing API keys and database credentials), Windows system files, and any user-accessible files on the same drive This issue only impacts Windows systems; macOS and Linux are unaffected. Files returned from the API were not limited to the directory on disk they were intended to be served from. This problem has been patched in 4.0.17.2950 in the nightly/develop branch or 4.0.17.2952 for stable/main releases. It's possible to work around the issue by only hosting Sonarr on a secure internal network and accessing it via VPN, Tailscale or similar solution outside that network.

AnalysisAI

Sonarr, a PVR application for Usenet and BitTorrent users, contains an unauthenticated path traversal vulnerability on Windows systems that allows remote attackers to read arbitrary files accessible to the Sonarr process. Affected versions include all 4.x branch releases prior to 4.0.17.2950 (nightly/develop) or 4.0.17.2952 (stable/main). With a CVSS score of 8.6 and network-based unauthenticated access (AV:N/PR:N), this represents a significant confidentiality risk allowing attackers to extract API keys, database credentials, and sensitive system files from Windows installations.

Technical ContextAI

This vulnerability affects Sonarr (cpe:2.3:a:sonarr:sonarr) version 4.x prior to the patched releases and stems from a classic path traversal weakness (CWE-22). The API endpoints serving files failed to properly validate and restrict file paths to their intended serving directory, allowing attackers to use directory traversal sequences (such as ../ or similar techniques) to escape the intended directory boundary and access arbitrary files on Windows systems. The vulnerability is platform-specific due to differences in how file path handling and permissions work across operating systems, with only Windows implementations affected while macOS and Linux systems properly constrain file access. The root cause is insufficient input validation and sanitization on file path parameters accepted by the API, combined with inadequate access controls that failed to verify requested files were within authorized directories.

RemediationAI

Upgrade Sonarr to version 4.0.17.2950 or later for nightly/develop branch users, or version 4.0.17.2952 or later for stable/main branch users as documented in the release notes at https://github.com/Sonarr/Sonarr/releases/tag/v4.0.17.2950 and https://github.com/Sonarr/Sonarr/releases/tag/v4.0.17.2952. Until patching can be completed, restrict Sonarr access to trusted internal networks only and require external users to connect via VPN, Tailscale, or similar secure access solutions that prevent direct internet exposure. As an additional defense-in-depth measure, run the Sonarr process with minimal file system permissions to limit the scope of accessible files if exploitation occurs. Review the GitHub security advisory at https://github.com/Sonarr/Sonarr/security/advisories/GHSA-h393-v5hm-6h8f for complete remediation guidance and verify that the application is not directly accessible from untrusted networks.

Share

CVE-2026-30976 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy