Nexus Repository Manager
CVE-2026-10741
MEDIUM
Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
High privileges (PR:H) and the required presence of a credentialed proxy repository (AC:H) tightly limit exploitation; scope changes to upstream systems justify S:C with bounded confidentiality impact.
Primary rating from Vendor (Sonatype).
CVSS VectorVendor: Sonatype
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegated repository administrator to disclose stored upstream proxy credentials.
AnalysisAI
Incorrect authorization in Sonatype Nexus Repository Manager before 3.93.0 permits a delegated repository administrator to read stored upstream proxy credentials beyond their intended authorization scope. The flaw resides in the proxy repository configuration pathway, where role-scoped administrators can retrieve credentials that should be restricted to higher-privilege system-level accounts. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated user holding the delegated repository administrator role in Sonatype Nexus Repository Manager - a role that must be explicitly assigned by a full system administrator and is not granted to ordinary repository consumers by default. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N) scores 5.9, reflecting the significant prerequisite of high privilege (PR:H) and the presence of a specific attack condition (AT:P - a proxy repository must be configured with stored upstream credentials). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An insider, or an attacker who has separately obtained a delegated repository administrator account, authenticates to the Nexus web interface, navigates to the proxy repository configuration for a repository that uses stored upstream credentials, and retrieves those credentials through the improperly authorized configuration endpoint. No public exploit code exists, and the attack requires no special tooling beyond standard browser or API interaction with the Nexus management interface. |
| Remediation | Upgrade to Sonatype Nexus Repository Manager version 3.93.0 or later, which contains the authorization fix confirmed by the vendor release notes at https://help.sonatype.com/en/sonatype-nexus-repository-3-93-0-release-notes.html and the associated support advisory at https://support.sonatype.com/hc/en-us/articles/52341191736851. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Nexus Repository Manager
View allSonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control. Rated critical severity (CVSS 9.8), this v
The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.ja
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection. Rated high severity (CVSS 7.2),
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 al
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow
Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP
Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed crede
Improper API key generation in Sonatype Nexus Repository Manager lets a remote attacker impersonate a targeted user and
Credential-guessing attacks against Sonatype Nexus Repository Manager are enabled by missing rate-limiting on authentica
A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. Rated high severity
Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control. Rated high severity (CVSS 7.5), th
Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions o
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today