Vendor
CVE-2026-30976 allows an unauthenticated remote attacker to read arbitrary files readable by the Sonarr process on Windows systems running vulnerable versions prior to 4.0.17.2950, potentially exposing sensitive data.