Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable login endpoint with no rate-limiting allows unauthenticated guessing (AV:N/AC:L/PR:N/UI:N); successful guess discloses account credentials giving high confidentiality, with no direct integrity or availability impact on the platform.
Primary rating from Vendor (Sonatype).
CVSS VectorVendor: Sonatype
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints.
AnalysisAI
Credential-guessing attacks against Sonatype Nexus Repository Manager are enabled by missing rate-limiting on authentication endpoints, allowing remote unauthenticated attackers to brute-force or password-spray valid user accounts. The flaw stems from improper restriction of excessive authentication attempts (CWE-307) and carries a CVSS 4.0 base score of 8.7 reflecting high confidentiality impact; no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Technical ContextAI
Sonatype Nexus Repository Manager is a widely deployed artifact repository used to host Maven, npm, Docker, PyPI, NuGet and other build artifacts in CI/CD pipelines. The affected component is the authentication subsystem (login endpoints), where CWE-307 (Improper Restriction of Excessive Authentication Attempts) indicates the absence or insufficiency of lockout, throttling, or rate-limiting controls. CPE coverage cpe:2.3:a:sonatype:nexus_repository_manager:*:*:*:*:*:*:*:* indicates all unpatched versions of Nexus Repository 3 are potentially in scope; fixed code appears in release 3.93.0 per the Sonatype release notes.
RemediationAI
Vendor-released patch: 3.93.0 - upgrade Nexus Repository Manager to 3.93.0 or later as documented in the Sonatype release notes (https://help.sonatype.com/en/sonatype-nexus-repository-3-93-0-release-notes.html) and the support advisory (https://support.sonatype.com/hc/en-us/articles/52482870409491). Where immediate patching is not possible, place the Nexus UI and REST authentication endpoints behind an authenticating reverse proxy or WAF that enforces per-source rate limiting and account lockout, restrict network exposure of /service/rest/v1/security and the login endpoints to trusted CIDR ranges or VPN, enable SSO/SAML so that lockout is enforced upstream by the IdP, and rotate any credentials that were valid prior to mitigation; note that aggressive WAF rate limits can break legitimate CI agents that authenticate frequently, so allowlist build runner egress IPs.
More in Nexus Repository Manager
View allSonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control. Rated critical severity (CVSS 9.8), this v
The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.ja
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection. Rated high severity (CVSS 7.2),
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 al
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow
Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP
Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed crede
Improper API key generation in Sonatype Nexus Repository Manager lets a remote attacker impersonate a targeted user and
A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. Rated high severity
Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control. Rated high severity (CVSS 7.5), th
Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions o
Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnera
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36268
GHSA-pfx2-jf85-mvf2