Authorization Bypass in Nexus Repository by Sonatype
CVE-2026-14504
8.2HIGH
What is CVE-2026-14504?
An authorization bypass in Sonatype's Nexus Repository 3 has been identified, affecting the component upload API. This vulnerability enables users with merely read or browse privileges on Swift, Terraform, or Conda hosted repositories to upload unauthorized artifacts. The issue lies in the ineffective enforcement of write-permission checks, which can lead to potential security breaches and unauthorized access to sensitive repository data.
Affected Version(s)
Nexus Repository 3 3.88.0 < 3.94.0
