CVE-2026-30975
Authentication Bypass in Sonarr Affects Local Access Without Proxy
Publication date: 2026-03-25
Last updated on: 2026-03-30
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sonarr | sonarr | < 4.0.16.2942 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-290 | Authentication Bypass by Spoofing: an incorrectly implemented authentication scheme that can be defeated by spoofing an identity or source attribute the scheme trusts. |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can lead to high confidentiality and integrity impacts because attackers can bypass authentication and gain unauthorized access to Sonarr.
Attackers do not need any privileges or user interaction to exploit this vulnerability.
However, availability is not affected by this vulnerability.
Exploitation could allow attackers to view or modify sensitive data managed by Sonarr.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The authentication bypass vulnerability in Sonarr allows unauthorized remote access when authentication is disabled for local addresses without a properly configured reverse proxy. This leads to high confidentiality and integrity impacts, which could result in unauthorized access to sensitive data.
Such unauthorized access risks violating data protection standards and regulations like GDPR and HIPAA, which require strict access controls and protection of personal and sensitive information.
Therefore, if this vulnerability is exploited, it could lead to non-compliance with these regulations due to potential data breaches or unauthorized data manipulation.
Mitigations such as enabling authentication, using a correctly configured reverse proxy, or restricting access via VPNs are essential to maintain compliance.
Can you explain this vulnerability to me?
CVE-2026-30975 is an authentication bypass vulnerability in Sonarr versions prior to 4.0.16.2942.
The issue occurs when users disable authentication for local addresses (setting "Authentication Required" to "Disabled for Local Addresses") without running Sonarr behind a properly configured reverse proxy that correctly handles the X-Forwarded-For header.
Because the decision about whether a request is "local" then depends on an address that remote clients can influence, this misconfiguration allows attackers to bypass authentication remotely without any privileges or user interaction.
The vulnerability is classified under CWE-290 (Authentication Bypass by Spoofing).
What immediate steps should I take to mitigate this vulnerability?
To mitigate the authentication bypass vulnerability in Sonarr versions prior to 4.0.16.2942, you should take the following immediate steps:
- Enable the "Authentication Required" setting in Sonarr instead of disabling it for local addresses.
- Run Sonarr behind a reverse proxy that is properly configured to handle the X-Forwarded-For header correctly.
- Avoid exposing Sonarr directly to the internet; instead, access it through a VPN, Tailscale, or a similar secure access solution.
- Update Sonarr to version 4.0.16.2942 (nightly/develop) or 4.0.16.2944 (stable/main) where the vulnerability is patched.
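The explanation and the mitigation list above both hinge on one question: which address does the application believe the client has, and does it trust X-Forwarded-For from everyone or only from a configured reverse proxy? The following is an added example written for this page, not Sonarr's own code; the proxy and "local" address ranges are constructed assumptions. It places the weak pattern (honouring X-Forwarded-For from any peer) beside a hardened resolver that believes the header only when the direct peer is a trusted proxy and walks the chain from the right, so that a "Disabled for Local Addresses" exemption cannot be triggered by a header a remote client supplies.

```python
import ipaddress
from typing import Mapping, Optional

# Constructed example values (assumptions, not Sonarr's configuration):
# addresses of the reverse proxy instances allowed to set X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("127.0.0.1/32", "::1/128", "10.0.0.5/32")]

# Ranges treated as "local" for a "Disabled for Local Addresses" exemption
# (loopback plus RFC 1918 private ranges; constructed for this example).
LOCAL_NETWORKS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "::1/128", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def in_any(ip, networks) -> bool:
    """True if ip falls inside any of the given networks (version-aware)."""
    return any(ip in net for net in networks)


def client_ip_naive(peer_ip: str, headers: Mapping[str, str]) -> Optional[ipaddress._BaseAddress]:
    """Weak pattern: honours X-Forwarded-For from any direct peer.

    Whoever connects directly can claim any client address, so a
    'local addresses only' exemption no longer means anything."""
    xff = headers.get("X-Forwarded-For")
    try:
        if xff:
            return ipaddress.ip_address(xff.split(",")[0].strip())
        return ipaddress.ip_address(peer_ip)
    except ValueError:
        return None


def client_ip_hardened(peer_ip: str, headers: Mapping[str, str],
                       trusted_proxies=TRUSTED_PROXIES) -> Optional[ipaddress._BaseAddress]:
    """Hardened pattern: X-Forwarded-For is believed only when the TCP peer is
    a configured proxy, and the chain is read right-to-left so that values
    prepended by the client itself are ignored. Unknown client -> None."""
    try:
        peer = ipaddress.ip_address(peer_ip)
    except ValueError:
        return None
    xff = headers.get("X-Forwarded-For")
    if not xff or not in_any(peer, trusted_proxies):
        # No trusted proxy in front of us: the TCP peer *is* the client.
        return peer
    try:
        hops = [ipaddress.ip_address(h.strip()) for h in xff.split(",")]
    except ValueError:
        return None  # malformed header: fail closed
    # The rightmost hop was appended by our trusted proxy; skip any further
    # trusted proxies and take the first address we did not add ourselves.
    for hop in reversed(hops):
        if not in_any(hop, trusted_proxies):
            return hop
    return None  # every hop is one of our proxies; no real client address


def auth_required(client_ip, local_auth_disabled: bool) -> bool:
    """Authentication is waived only when the exemption is enabled AND the
    resolved client address is local. An unknown client always needs auth."""
    if client_ip is None or not local_auth_disabled:
        return True
    return not in_any(client_ip, LOCAL_NETWORKS)


def evaluate(peer_ip: str, headers: Mapping[str, str], local_auth_disabled: bool = True):
    """Return (naive_requires_auth, hardened_requires_auth) for one request."""
    return (auth_required(client_ip_naive(peer_ip, headers), local_auth_disabled),
            auth_required(client_ip_hardened(peer_ip, headers), local_auth_disabled))


if __name__ == "__main__":
    # Constructed request: a remote peer presenting a header that claims loopback.
    print(evaluate("203.0.113.7", {"X-Forwarded-For": "127.0.0.1"}))   # (False, True)
    # Constructed request: arriving via the trusted proxy from a LAN client.
    print(evaluate("10.0.0.5", {"X-Forwarded-For": "192.168.1.20"}))   # (False, False)
```

The first printed pair is the whole bug in miniature: the naive resolver waives authentication for a request that did not come from the local network, while the hardened one still requires it. The second pair shows that the hardened version does not break the legitimate case, a LAN client reaching the application through the configured proxy. The `None` return on malformed or proxy-only chains is deliberate: when the client address cannot be established, the safe default is to require authentication rather than to guess.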