CVE-2026-10748

Description

An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating system commands as the Nexus process user in Sonatype Nexus Repository 3 versions before 3.92.0.

CVSS breakdown

CVSS 4.0

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

High

User Interaction

None

Confidentiality (Vulnerable System)

High

Integrity (Vulnerable System)

High

Availability (Vulnerable System)

High

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

Affected products

sonatype / nexus_repository_manager3.0.0 – 3.0.0
sonatype / nexus_repository_manager3.0.1 – 3.0.1
sonatype / nexus_repository_manager3.0.2 – 3.0.2
sonatype / nexus_repository_manager3.1.0 – 3.1.0
sonatype / nexus_repository_manager3.2.0 – 3.2.0
sonatype / nexus_repository_manager3.2.1 – 3.2.1
sonatype / nexus_repository_manager3.3.0 – 3.3.0
sonatype / nexus_repository_manager3.3.1 – 3.3.1
sonatype / nexus_repository_manager3.3.2 – 3.3.2
sonatype / nexus_repository_manager3.4.0 – 3.4.0
sonatype / nexus_repository_manager3.5.0 – 3.5.0
sonatype / nexus_repository_manager3.5.1 – 3.5.1
sonatype / nexus_repository_manager3.5.2 – 3.5.2
sonatype / nexus_repository_manager3.6.0 – 3.6.0
sonatype / nexus_repository_manager3.6.1 – 3.6.1
sonatype / nexus_repository_manager3.6.2 – 3.6.2
sonatype / nexus_repository_manager3.7.0 – 3.7.0
sonatype / nexus_repository_manager3.7.1 – 3.7.1
sonatype / nexus_repository_manager3.8.0 – 3.8.0
sonatype / nexus_repository_manager3.9.0 – 3.9.0
sonatype / nexus_repository_manager3.10.0 – 3.10.0
sonatype / nexus_repository_manager3.11.0 – 3.11.0
sonatype / nexus_repository_manager3.12.0 – 3.12.0
sonatype / nexus_repository_manager3.12.1 – 3.12.1
sonatype / nexus_repository_manager3.13.0 – 3.13.0
sonatype / nexus_repository_manager3.14.0 – 3.14.0
sonatype / nexus_repository_manager3.15.0 – 3.15.0
sonatype / nexus_repository_manager3.15.1 – 3.15.1
sonatype / nexus_repository_manager3.15.2 – 3.15.2
sonatype / nexus_repository_manager3.16.0 – 3.16.0
sonatype / nexus_repository_manager3.16.1 – 3.16.1
sonatype / nexus_repository_manager3.16.2 – 3.16.2
sonatype / nexus_repository_manager3.17.0 – 3.17.0
sonatype / nexus_repository_manager3.18.0 – 3.18.0
sonatype / nexus_repository_manager3.18.1 – 3.18.1
sonatype / nexus_repository_manager3.19.0 – 3.19.0
sonatype / nexus_repository_manager3.19.1 – 3.19.1
sonatype / nexus_repository_manager3.20.0 – 3.20.0
sonatype / nexus_repository_manager3.20.1 – 3.20.1
sonatype / nexus_repository_manager3.21.0 – 3.21.0
sonatype / nexus_repository_manager3.21.1 – 3.21.1
sonatype / nexus_repository_manager3.21.2 – 3.21.2
sonatype / nexus_repository_manager3.22.0 – 3.22.0
sonatype / nexus_repository_manager3.22.1 – 3.22.1
sonatype / nexus_repository_manager3.23.0 – 3.23.0
sonatype / nexus_repository_manager3.24.0 – 3.24.0
sonatype / nexus_repository_manager3.25.0 – 3.25.0
sonatype / nexus_repository_manager3.25.1 – 3.25.1
sonatype / nexus_repository_manager3.26.0 – 3.26.0
sonatype / nexus_repository_manager3.26.1 – 3.26.1
sonatype / nexus_repository_manager3.27.0 – 3.27.0
sonatype / nexus_repository_manager3.28.0 – 3.28.0
sonatype / nexus_repository_manager3.28.1 – 3.28.1
sonatype / nexus_repository_manager3.29.0 – 3.29.0
sonatype / nexus_repository_manager3.29.2 – 3.29.2
sonatype / nexus_repository_manager3.30.0 – 3.30.0
sonatype / nexus_repository_manager3.30.1 – 3.30.1
sonatype / nexus_repository_manager3.31.0 – 3.31.0
sonatype / nexus_repository_manager3.31.1 – 3.31.1
sonatype / nexus_repository_manager3.32.0 – 3.32.0
sonatype / nexus_repository_manager3.32.1 – 3.32.1
sonatype / nexus_repository_manager3.33.0 – 3.33.0
sonatype / nexus_repository_manager3.33.1 – 3.33.1
sonatype / nexus_repository_manager3.34.0 – 3.34.0
sonatype / nexus_repository_manager3.34.1 – 3.34.1
sonatype / nexus_repository_manager3.35.0 – 3.35.0
sonatype / nexus_repository_manager3.36.0 – 3.36.0
sonatype / nexus_repository_manager3.37.0 – 3.37.0
sonatype / nexus_repository_manager3.37.1 – 3.37.1
sonatype / nexus_repository_manager3.37.2 – 3.37.2
sonatype / nexus_repository_manager3.37.3 – 3.37.3
sonatype / nexus_repository_manager3.38.0 – 3.38.0
sonatype / nexus_repository_manager3.38.1 – 3.38.1
sonatype / nexus_repository_manager3.39.0 – 3.39.0
sonatype / nexus_repository_manager3.40.0 – 3.40.0
sonatype / nexus_repository_manager3.40.1 – 3.40.1
sonatype / nexus_repository_manager3.41.0 – 3.41.0
sonatype / nexus_repository_manager3.41.1 – 3.41.1
sonatype / nexus_repository_manager3.42.0 – 3.42.0
sonatype / nexus_repository_manager3.43.0 – 3.43.0
sonatype / nexus_repository_manager3.44.0 – 3.44.0
sonatype / nexus_repository_manager3.45.0 – 3.45.0
sonatype / nexus_repository_manager3.45.1 – 3.45.1
sonatype / nexus_repository_manager3.46.0 – 3.46.0
sonatype / nexus_repository_manager3.47.0 – 3.47.0
sonatype / nexus_repository_manager3.47.1 – 3.47.1
sonatype / nexus_repository_manager3.48.0 – 3.48.0
sonatype / nexus_repository_manager3.49.0 – 3.49.0
sonatype / nexus_repository_manager3.50.0 – 3.50.0
sonatype / nexus_repository_manager3.51.0 – 3.51.0
sonatype / nexus_repository_manager3.52.0 – 3.52.0
sonatype / nexus_repository_manager3.53.0 – 3.53.0
sonatype / nexus_repository_manager3.53.1 – 3.53.1
sonatype / nexus_repository_manager3.54.0 – 3.54.0
sonatype / nexus_repository_manager3.54.1 – 3.54.1
sonatype / nexus_repository_manager3.55.0 – 3.55.0
sonatype / nexus_repository_manager3.56.0 – 3.56.0
sonatype / nexus_repository_manager3.57.0 – 3.57.0
sonatype / nexus_repository_manager3.57.1 – 3.57.1
sonatype / nexus_repository_manager3.58.0 – 3.58.0
sonatype / nexus_repository_manager3.58.1 – 3.58.1
sonatype / nexus_repository_manager3.59.0 – 3.59.0
sonatype / nexus_repository_manager3.60.0 – 3.60.0
sonatype / nexus_repository_manager3.61.0 – 3.61.0
sonatype / nexus_repository_manager3.62.0 – 3.62.0
sonatype / nexus_repository_manager3.63.0 – 3.63.0
sonatype / nexus_repository_manager3.64.0 – 3.64.0
sonatype / nexus_repository_manager3.65.0 – 3.65.0
sonatype / nexus_repository_manager3.66.0 – 3.66.0
sonatype / nexus_repository_manager3.67.0 – 3.67.0
sonatype / nexus_repository_manager3.67.1 – 3.67.1
sonatype / nexus_repository_manager3.68.0 – 3.68.0
sonatype / nexus_repository_manager3.68.1 – 3.68.1
sonatype / nexus_repository_manager3.69.0 – 3.69.0
sonatype / nexus_repository_manager3.70.0 – 3.70.0
sonatype / nexus_repository_manager3.70.1 – 3.70.1
sonatype / nexus_repository_manager3.70.2 – 3.70.2
sonatype / nexus_repository_manager3.70.3 – 3.70.3
sonatype / nexus_repository_manager3.70.4 – 3.70.4
sonatype / nexus_repository_manager3.70.5 – 3.70.5
sonatype / nexus_repository_manager3.71.0 – 3.71.0
sonatype / nexus_repository_manager3.72.0 – 3.72.0
sonatype / nexus_repository_manager3.73.0 – 3.73.0
sonatype / nexus_repository_manager3.74.0 – 3.74.0
sonatype / nexus_repository_manager3.75.0 – 3.75.0
sonatype / nexus_repository_manager3.75.1 – 3.75.1
sonatype / nexus_repository_manager3.76.0 – 3.76.0
sonatype / nexus_repository_manager3.76.1 – 3.76.1
sonatype / nexus_repository_manager3.77.0 – 3.77.0
sonatype / nexus_repository_manager3.78.0 – 3.78.0
sonatype / nexus_repository_manager3.78.1 – 3.78.1
sonatype / nexus_repository_manager3.79.0 – 3.79.0
sonatype / nexus_repository_manager3.80.0 – 3.80.0
sonatype / nexus_repository_manager3.81.0 – 3.81.0
sonatype / nexus_repository_manager3.82.0 – 3.82.0
sonatype / nexus_repository_manager3.83.0 – 3.83.0
sonatype / nexus_repository_manager3.83.1 – 3.83.1
sonatype / nexus_repository_manager3.83.2 – 3.83.2
sonatype / nexus_repository_manager3.84.0 – 3.84.0
sonatype / nexus_repository_manager3.84.1 – 3.84.1
sonatype / nexus_repository_manager3.84.2 – 3.84.2
sonatype / nexus_repository_manager3.85.0 – 3.85.0
sonatype / nexus_repository_manager3.85.1 – 3.85.1
sonatype / nexus_repository_manager3.86.0 – 3.86.0
sonatype / nexus_repository_manager3.86.2 – 3.86.2
sonatype / nexus_repository_manager3.86.3 – 3.86.3
sonatype / nexus_repository_manager3.87.0 – 3.87.0
sonatype / nexus_repository_manager3.87.1 – 3.87.1
sonatype / nexus_repository_manager3.87.2 – 3.87.2
sonatype / nexus_repository_manager3.88.0 – 3.88.0
sonatype / nexus_repository_manager3.89.0 – 3.89.0
sonatype / nexus_repository_manager3.89.1 – 3.89.1
sonatype / nexus_repository_manager3.90.0 – 3.90.0
sonatype / nexus_repository_manager3.90.1 – 3.90.1
sonatype / nexus_repository_manager3.90.2 – 3.90.2
sonatype / nexus_repository_manager3.90.3 – 3.90.3
sonatype / nexus_repository_manager3.91.0 – 3.91.0
sonatype / nexus_repository_manager3.91.1 – 3.91.1

CVE-2026-10748

Description

CVSS breakdown

Affected products

References