Scraparr

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-26069 HIGH PATCH This Week

Scraparr versions 3.0.0-beta through 3.0.1 expose Readarr API keys in plaintext through the /metrics endpoint when the Readarr integration is enabled without a custom alias configured. An attacker with access to the publicly exposed /metrics endpoint can harvest valid API credentials to compromise an externally accessible Readarr instance. This vulnerability affects only deployments where Readarr scraping is enabled, no alias is set, and the metrics endpoint is accessible to untrusted users.

Prometheus Industrial Scraparr

NVD GitHub

CVSS 3.1

7.5

EPSS

0.0%

CVE-2026-26069

EPSS 0% CVSS 7.5

HIGH PATCH This Week

Scraparr versions 3.0.0-beta through 3.0.1 expose Readarr API keys in plaintext through the /metrics endpoint when the Readarr integration is enabled without a custom alias configured. An attacker with access to the publicly exposed /metrics endpoint can harvest valid API credentials to compromise an externally accessible Readarr instance. This vulnerability affects only deployments where Readarr scraping is enabled, no alias is set, and the metrics endpoint is accessible to untrusted users.

Prometheus Industrial Scraparr

NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy