Skip to main content

Nexus Repository Manager CVE-2026-10741

MEDIUM
Incorrect Authorization (CWE-863)
2026-06-17 Sonatype
5.9
CVSS 4.0 · Vendor: Sonatype
Share

Severity by source

Vendor (Sonatype) PRIMARY
5.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
3.0 LOW

High privileges (PR:H) and the required presence of a credentialed proxy repository (AC:H) tightly limit exploitation; scope changes to upstream systems justify S:C with bounded confidentiality impact.

3.1 AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
4.0 AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N

Primary rating from Vendor (Sonatype).

CVSS VectorVendor: Sonatype

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 17, 2026 - 20:04 vuln.today

DescriptionCVE.org

Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegated repository administrator to disclose stored upstream proxy credentials.

AnalysisAI

Incorrect authorization in Sonatype Nexus Repository Manager before 3.93.0 permits a delegated repository administrator to read stored upstream proxy credentials beyond their intended authorization scope. The flaw resides in the proxy repository configuration pathway, where role-scoped administrators can retrieve credentials that should be restricted to higher-privilege system-level accounts. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Acquire delegated repository administrator credentials
Delivery
Authenticate to Nexus web management interface
Exploit
Navigate to proxy repository configuration for a target repository
Execution
Exploit authorization flaw to read stored upstream proxy credentials
Impact
Use disclosed credentials against private upstream artifact repositories

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated user holding the delegated repository administrator role in Sonatype Nexus Repository Manager - a role that must be explicitly assigned by a full system administrator and is not granted to ordinary repository consumers by default. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N) scores 5.9, reflecting the significant prerequisite of high privilege (PR:H) and the presence of a specific attack condition (AT:P - a proxy repository must be configured with stored upstream credentials). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An insider, or an attacker who has separately obtained a delegated repository administrator account, authenticates to the Nexus web interface, navigates to the proxy repository configuration for a repository that uses stored upstream credentials, and retrieves those credentials through the improperly authorized configuration endpoint. No public exploit code exists, and the attack requires no special tooling beyond standard browser or API interaction with the Nexus management interface.
Remediation Upgrade to Sonatype Nexus Repository Manager version 3.93.0 or later, which contains the authorization fix confirmed by the vendor release notes at https://help.sonatype.com/en/sonatype-nexus-repository-3-93-0-release-notes.html and the associated support advisory at https://support.sonatype.com/hc/en-us/articles/52341191736851. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2019-7238 CRITICAL POC
9.8 Mar 21

Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control. Rated critical severity (CVSS 9.8), this v

CVE-2019-5475 HIGH POC
8.8 Sep 03

The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.ja

CVE-2018-16621 HIGH POC
7.2 Nov 15

Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection. Rated high severity (CVSS 7.2),

CVE-2018-5307 MEDIUM POC
6.1 Feb 09

Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 al

CVE-2018-5306 MEDIUM POC
6.1 Feb 09

Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow

CVE-2017-17717 CRITICAL
9.8 Dec 17

Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP

CVE-2019-9629 CRITICAL
9.8 Jul 08

Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed crede

CVE-2026-11403 HIGH
8.7 Jul 14

Improper API key generation in Sonatype Nexus Repository Manager lets a remote attacker impersonate a targeted user and

CVE-2026-3329 HIGH
8.7 Jun 11

Credential-guessing attacks against Sonatype Nexus Repository Manager are enabled by missing rate-limiting on authentica

CVE-2020-15012 HIGH
8.6 Oct 12

A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. Rated high severity

CVE-2020-15868 HIGH
7.5 Aug 12

Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control. Rated high severity (CVSS 7.5), th

CVE-2019-9630 HIGH
7.5 Jul 08

Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions o

Share

CVE-2026-10741 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy