CVE-2026-32702 in Cleanuparrالمعلومات

الملخص

بحسب MITRE • 16/03/2026

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. From 2.7.0 to 2.8.0, the /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by measuring the application's response time. It appears that the hashing function, which is the most time-consuming part of the process by design, occurs as part of the VerifyPassword function. With the short circuits occurring before the hashing function, a timing differential is introduced that exposes validity to the actor. This vulnerability is fixed in 2.8.1.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

GitHub M

حجز

13/03/2026

إفشاء

16/03/2026

الاعتدال

تمت الموافقة

إدخال

VDB-351048

CPE

جاهز

CWE

CWE-208 (مؤكد)

CVSS

5.3 (NVD)

EPSS

0.00080

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-32702
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-32702
CVE Details	https://www.cvedetails.com/cve/CVE-2026-32702/

التالي ▸نظرة عامة ◂ السابق

Interested in the pricing of exploits?

See the underground prices here!