Vulnerability in Cleanuparr
CVE-2026-32702
Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. From 2.7.0 to 2.8.0, the /api/auth/login endpoint contains a logic flaw that allows unauthenti…
EPSS: 0.001 (23.7th percentile) — read the EPSS interpretation.
Affected products
- Cleanuparr — versions >= 2.7.0, <= 2.8.0
Weakness classification (CWE)
References
- https://github.com/Cleanuparr/Cleanuparr/security/advisories/GHSA-gjmf-m27r-2c9v (x_refsource_CONFIRM)