What is CVE-2026-44184?

CVE-2026-44184 is a high-severity vulnerability in Cleanuparr, classified under Origin Validation Error. CVSS score: 8.0/10. Published 2026-05-12.

How severe is CVE-2026-44184?

High severity. CVSS v3 base score is 8.0 out of 10.

Vulnerability in Cleanuparr

CVE-2026-44184

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, Cleanuparr's global CORS policy reflects every request Origin and combines i…

EPSS: 0.000 (1.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.0 (High). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Cleanuparr — versions < 2.9.10

Weakness classification (CWE)

CWE-346 — Origin Validation Error
CWE-942 — Permissive Cross-domain Policy with Untrusted Domains

References

security-advisories@github.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-44184?: CVE-2026-44184 is a high-severity vulnerability in Cleanuparr, classified under Origin Validation Error. CVSS score: 8.0/10. Published 2026-05-12.
How severe is CVE-2026-44184?: High severity. CVSS v3 base score is 8.0 out of 10.