Authorization Vulnerability in Sonatype Nexus Repository Manager
CVE-2026-10741

5.9MEDIUM

Key Information:

Vendor: Sonatype
Status: Nexus Repository Manager
Vendor: CVE Published:; 17 June 2026

What is CVE-2026-10741?

An authorization vulnerability exists in Sonatype Nexus Repository Manager versions prior to 3.93.0, where a delegated repository administrator can exploit the proxy repository configuration. This flaw may lead to the unauthorized disclosure of stored upstream proxy credentials, potentially compromising sensitive information and impacting the integrity of the repository.

Affected Version(s)

Nexus Repository Manager 3.1.0 < 3.93.0

References

https://help.sonatype.com/en/sonatype-nexus-repository-3-...

patch

https://support.sonatype.com/hc/en-us/articles/5234119173...

vendor-advisory

CVSS V4

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2026
Vulnerability Reserved
Jun 3, 2026

Credit

Ho Boon Suan

CVE-2026-10741 Data

JSON