
CVE-2026-30975 - Vulnerability Analysis

High | CVSS: 8.1

Last Updated: March 26, 2026

Sonarr - Authentication Bypass

Published: March 25, 2026 | Updated: March 26, 2026 | Remote Exploitable

Overview

Sonarr versions before 4.0.16.2942 contain an authentication bypass in deployments where authentication is disabled for local addresses without a reverse proxy passing invalid headers. Attackers can use it to bypass authentication. Exploitation requires this specific configuration.

Severity & Score

Severity: High
CVSS Score: 8.1
EPSS Score: 5.5% (Probability of exploitation in next 30 days)

Impact

Attackers can bypass authentication, gaining unauthorized access to the application and its data.

Mitigation

Update to version 4.0.16.2942 or later.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 25, 2026

🟠 CVE-2026-30975 - High (8.1) Sonarr is a PVR for Usenet and BitTorrent users. Versions prior to 4.0.16.2942 have an authentication bypass that affected users that had disabled authentication for local addresses (Authentication Required set to: `Disabled for Local Addresses`) ... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30975/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Details

CVE ID: CVE-2026-30975
Severity: High
CVSS Score: 8.1
Type: broken_authentication
Status: unconfirmed
EPSS: 5.5%
Social Posts: 1

CWE

  • CWE-290

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS Score

5.5% (Probability of exploitation in the next 30 days)