Home / Vulnerability Intelligence / CVE-2026-30976

CVE-2026-30976 - Vulnerability Analysis

HighCVSS: 8.6

Last Updated: March 26, 2026

Sonarr - Path Traversal

Published: March 25, 2026Updated: March 26, 2026Remote Exploitable

Overview

Sonarr 4.x < 4.0.17.2950 on Windows contains a path traversal caused by unrestricted file access in the API, letting unauthenticated remote attackers read any file accessible by the Sonarr process, exploit requires network access to Sonarr API.

Severity & Score

Severity: High

CVSS Score: 8.6

EPSS Score: 6.2%(Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can read sensitive files including configuration and system files, leading to information disclosure and potential further compromise.

Mitigation

Update to version 4.0.17.2950 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 25, 2026

🟠 CVE-2026-30976 - High (8.6) Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950, an unauthenticated remote attacker can potentially read any file readable by the Sonarr process. These include application configuration files (co... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30976/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-30976
Severity: High
CVSS Score: 8.6
Type: path_traversal
Status: unconfirmed
EPSS: 6.2%
Social Posts: 1

CWE

CWE-22

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

EPSS Score

6.2%Probability of exploitation in the next 30 days