CVE

CVE-2026-26069

Scraparr Readarr Integration exposes sensitive values as metric labels.

Scraparr is a Prometheus exporter for various components of the *arr Suite. From 3.0.0-beta to before 3.0.2, when the Readarr integration was enabled, the exporter exposed the configured Readarr API key as the value of the alias metric label. Users were affected only if all of the following conditions were met: the Readarr scraping feature was enabled with no alias configured, the exporter's /metrics endpoint was accessible to external or unauthorized users, and the Readarr instance was externally accessible. If the /metrics endpoint was publicly accessible, the Readarr API key could have been disclosed via exported metrics data. This vulnerability is fixed in 3.0.2.
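A check an operator could run over a saved copy of the exporter's /metrics output to see whether an alias label carries a key. This is an added example, not code from Scraparr or from this page. The metric names in the sample are constructed, and the 32-hex-character key shape is an assumption about *arr API keys.

```python
import re

# One name="value" pair; values may contain escaped quotes or backslashes.
LABEL_RE = re.compile(r'([A-Za-z_][A-Za-z0-9_]*)="((?:[^"\\]|\\.)*)"')
# Assumption: an *arr API key is 32 hexadecimal characters.
KEY_SHAPE_RE = re.compile(r"[0-9a-fA-F]{32}")

# Constructed sample scrape; metric names are illustrative only.
SAMPLE = '''\
# HELP readarr_book_count Constructed sample metric
# TYPE readarr_book_count gauge
readarr_book_count{alias="0123456789abcdef0123456789abcdef"} 42
readarr_book_count{alias="library"} 7
sonarr_series_count{alias="tv",quality="HD \\"1080p\\""} 3
'''


def find_alias_leaks(metrics_text, known_keys=()):
    """Return sorted (metric, redacted_alias, reason) findings."""
    findings = set()
    for line in metrics_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # HELP/TYPE comments and blank lines
        start, end = line.find("{"), line.rfind("}")
        if start == -1 or end < start:
            continue  # sample without a label set
        for label, value in LABEL_RE.findall(line[start + 1:end]):
            if label != "alias":
                continue
            if value in known_keys:
                reason = "matches configured key"
            elif KEY_SHAPE_RE.fullmatch(value):
                reason = "looks like an API key"
            else:
                continue
            # Redact so the report itself does not repeat the secret.
            findings.add((line[:start], value[:4] + "...", reason))
    return sorted(findings)


if __name__ == "__main__":
    for metric, alias, reason in find_alias_leaks(SAMPLE):
        print(f"{metric}: alias={alias} ({reason})")
```

Passing the configured key in known_keys catches keys that do not fit the assumed shape. A finding on an affected version means the key should be rotated after upgrading to 3.0.2.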


CVSS Version

Base Score: 9.1
CVSS Version: 4.0
Score Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X


References

https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/26xxx/CVE-2026-26069.json
https://github.com/thecfu/scraparr/commit/194116bb8fb0b6ea26421b3e7a7b326973f56cd0
https://github.com/thecfu/scraparr/releases/tag/v3.0.2
https://github.com/thecfu/scraparr/security/advisories/GHSA-hx24-222f-w5cj
https://nvd.nist.gov/vuln/detail/CVE-2026-26069


Basic Information

Ecosystem:
Base CVSS: 0
EPSS Probability: 0.00052%
EPSS Percentile: 0.16352%
Introduced Version: b8cfe6ece04385403902b6ce88ab4a04aeaa9d48
Fix Available: fa86e200248b768f5588c05d078f00b8fc7b6d5b
