CVE-2026-10741 PUBLISHED

Nexus Repository Manager - Incorrect Authorization allows credential disclosure via proxy repository configuration

Assigner: Sonatype
Reserved: 03.06.2026 Published: 17.06.2026 Updated: 17.06.2026

Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegated repository administrator to disclose stored upstream proxy credentials.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N
CVSS Score: 5.9

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	High	Confidentiality	Low
Attack Complexity	Low	Integrity	None	Integrity	None
Attack Requirements	Present	Availability	None	Availability	None
Privileges Required	High
User Interaction	None

CVSS 4.0

Product Status

Vendor	Sonatype
Product	Nexus Repository Manager
Versions	Default: unaffected affected from 3.1.0 to 3.93.0 (excl.)

CVE-2026-10741 PUBLISHED

Nexus Repository Manager - Incorrect Authorization allows credential disclosure via proxy repository configuration

Metrics

Product Status

Credits

References

Problem Types