EUVD-2026-15992
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
3Tags
Description
Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950, an unauthenticated remote attacker can potentially read any file readable by the Sonarr process. These include application configuration files (containing API keys and database credentials), Windows system files, and any user-accessible files on the same drive This issue only impacts Windows systems; macOS and Linux are unaffected. Files returned from the API were not limited to the directory on disk they were intended to be served from. This problem has been patched in 4.0.17.2950 in the nightly/develop branch or 4.0.17.2952 for stable/main releases. It's possible to work around the issue by only hosting Sonarr on a secure internal network and accessing it via VPN, Tailscale or similar solution outside that network.
Analysis
Sonarr, a PVR application for Usenet and BitTorrent users, contains an unauthenticated path traversal vulnerability on Windows systems that allows remote attackers to read arbitrary files accessible to the Sonarr process. Affected versions include all 4.x branch releases prior to 4.0.17.2950 (nightly/develop) or 4.0.17.2952 (stable/main). …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 7 days: Identify all affected systems running versions on the 4.x branch and apply vendor patches promptly. Review file handling controls and restrict upload directories.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today