Nixpkgs security tracker

Login with GitHub

Suggestions search

Dismissed
Filter by:
With package: sonarr

Found 1 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-30975
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
updated 1 month, 1 week ago by @LeSuisse Activity log
  • Created suggestion 1 month, 1 week ago
  • @LeSuisse ignored
    2 packages
    • home-assistant-component-tests.sonarr
    • tests.home-assistant-component-tests.sonarr
    1 month, 1 week ago
  • @LeSuisse dismissed 1 month, 1 week ago
Sonarr Authentication Bypass vulnerability

Sonarr is a PVR for Usenet and BitTorrent users. Versions prior to 4.0.16.2942 have an authentication bypass that affected users that had disabled authentication for local addresses (Authentication Required set to: `Disabled for Local Addresses`) without a reverse proxy running in front of Sonarr that didn't not pass through the invalid header. Patches are available in version 4.0.16.2942 in the nightly/develop branch and version 4.0.16.2944 for stable/main releases. Some workarounds are available. Make sure Sonarr's Authentication Required setting is set to `Enabled`, run Sonarr behind a reverse proxy, and/or do not expose Sonarr directly to the internet and instead rely on accessing it through a VPN, Tailscale or a similar solution.

Affected products

Sonarr
  • ==< 4.0.16.2942

Matching in nixpkgs

Ignored packages (2)

Package maintainers

Current stable branch was never impacted: https://github.com/NixOS/nixpkgs/commit/e9a6f320c08199693a03a00662141897cd3c79ce