PT-2026-50525 · Sonatype · Nexus Repository Manager

Published

2026-06-17

Updated

2026-06-18

CVE-2026-10741

CVSS v4.0

5.9

Medium

Vector

AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Sonatype Nexus Repository Manager versions prior to 3.93.0

Description An authorization bypass exists in the proxy repository configuration. This issue allows a delegated repository administrator to disclose stored upstream proxy credentials.

Recommendations Update to version 3.93.0 or later.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2026-10741

Affected Products

Nexus Repository Manager

PT-2026-50525 · Sonatype · Nexus Repository Manager

CVE-2026-10741

Weakness Enumeration

Related Identifiers

Affected Products

References · 4