Sonarr vulnerability?

Sonarr version (exact version): 4.0.17.2969
Mono version (if Sonarr is not running on Windows):
OS: Windows 2022 Server
Debug logs:
Description of issue: Action1 reports Sonarr has vulnerability CVE-2026-30975, with a CVSS score of 8.1 and remediation status shows Overdue.

It actually looks like when Sonarr updates it doesn’t update the Windows uninstall registry information, so it still shows as being installed in 2024 and that I am on version 4, not 4.0.17.2969, in the Windows Programs and Features, which I bet is causing the flag. I guess the Dev Team will have to look into that. 🙂

Thanks,

And yet another reason I left WinBLOAT behind. YEARS ago, like over 15, .msi files were supposed to replace .exe because with .msi files an install could self-monitor. This meant updating the version correctly when an update came out, removing the old version first, removing unneeded assets, and creating a complete record of what was installed so if you decided to remove the app it removed everything for it.

Correct, Sonarr doesn’t re-install on update, it applies the update over the existing files. We don’t have plans to change this at this time.
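
One way to confirm the mismatch discussed in this thread before treating the scanner finding as real. This is an added example, not part of any post above and not code from Sonarr or Action1. It assumes the uninstall entry's `DisplayName` starts with "Sonarr" and that the executable is named `Sonarr.exe` somewhere under the recorded `InstallLocation`.

```powershell
# Added example: compare the version Windows records for Sonarr in the
# Uninstall registry keys with the version of the binary actually on disk.
# Assumptions (not from the thread): DisplayName starts with "Sonarr" and
# the executable is Sonarr.exe within two levels of InstallLocation.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$entries = Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Sonarr*' }

if (-not $entries) {
    Write-Warning 'No uninstall entry with a DisplayName starting with "Sonarr" was found.'
}

foreach ($entry in $entries) {
    # Locate the installed binary from the path the installer recorded, if any.
    $exe = $null
    if ($entry.InstallLocation -and (Test-Path -LiteralPath $entry.InstallLocation)) {
        $exe = Get-ChildItem -LiteralPath $entry.InstallLocation -Filter 'Sonarr.exe' `
                   -Recurse -Depth 2 -ErrorAction SilentlyContinue |
               Select-Object -First 1
    }

    $fileVersion = if ($exe) { $exe.VersionInfo.FileVersion } else { $null }

    [pscustomobject]@{
        RegistryKey     = $entry.PSChildName
        DisplayName     = $entry.DisplayName
        # What Programs and Features (and inventory-based scanners) see.
        RegistryVersion = $entry.DisplayVersion
        InstallDate     = $entry.InstallDate
        ExePath         = if ($exe) { $exe.FullName } else { '(not found)' }
        # What is actually running after in-place updates.
        FileVersion     = $fileVersion
        # True when the binary was found and the registry disagrees with it.
        RegistryIsStale = [bool]($fileVersion -and ($entry.DisplayVersion -ne $fileVersion))
    } | Format-List
}
```

If `RegistryIsStale` is `True`, the scanner is most likely matching on the old `DisplayVersion`; compare `FileVersion` against the fixed version listed in the advisory to decide whether the finding still applies.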