Sonatype Nexus Repository Manager Flaws Enable XSS and Potential Code Execution
dCERT issued advisories for two vulnerabilities affecting Sonatype Nexus Repository Manager, warning that one flaw allows cross-site scripting (XSS) and another can bypass security measures and may lead to potential code execution. The issues affect a widely used artifact repository platform that often sits in software build and package distribution workflows.
The paired advisories indicate risk ranging from browser-based compromise through XSS to more serious server-side impact if security controls can be circumvented. Organizations using Sonatype Nexus Repository Manager should review the relevant dCERT advisories, identify affected deployments, and prioritize vendor guidance and remediation to reduce exposure in development and supply-chain infrastructure.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
dCERT publishes Sonatype Nexus advisory on security measure bypass
dCERT published advisory 2026-1427 for Sonatype Nexus Repository Manager describing a vulnerability that allows bypassing security measures. The notice represents a new disclosure distinct from earlier April 2026 Sonatype Nexus advisories.
dCERT publishes Sonatype Nexus advisory on security bypass and possible code execution
dCERT published advisory 2026-1113 for Sonatype Nexus Repository Manager describing a vulnerability that could bypass security measures and potentially lead to code execution.
dCERT publishes Sonatype Nexus Repository Manager XSS advisory
dCERT published advisory 2026-1009 for Sonatype Nexus Repository Manager describing a cross-site scripting vulnerability.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
dCERT - Advisory 2026-1427 - Sonatype Nexus Repository Manager: Vulnerability allows bypassing security measures
dcert.de
Open sourcedCERT - Advisory 2026-1113 - Sonatype Nexus Repository Manager: Vulnerability allows bypassing security measures and potentially code execution
dcert.de
Open sourcedCERT - Advisory 2026-1009 - Sonatype Nexus Repository Manager: Vulnerability allows Cross-Site Scripting
dcert.de
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Sonatype Nexus Repository Flaws Enable Remote Code Execution and Database Compromise
Sonatype disclosed two high-severity vulnerabilities in **Nexus Repository Manager 3** that can lead to arbitrary code execution. **`CVE-2026-3199`** affects versions **3.22.1 through 3.90.2** and allows an authenticated user with task creation privileges to execute code through task property injection in the task management component. The flaw bypasses the `nexus.scripts.allowCreation` security control, indicating a failure in script-related policy enforcement, and has been mapped to **`CWE-502`**. A second issue, **`CVE-2026-5189`**, affects versions **3.0.0 through 3.70.5** and stems from hard-coded credentials in an internal database component. If the non-default setting `nexus.orient.binaryListenerEnabled=true` is enabled, an unauthenticated network attacker can gain read and write access to the internal database and execute operating system commands as the Nexus process user. Sonatype linked the fixes to **Nexus Repository 3.91.0** for `CVE-2026-3199` and **3.71.0** for `CVE-2026-5189`, with both issues carrying high impact across confidentiality, integrity, and availability.
Apr 15, 2026
Nexus Repository 3 RCE Lets Privileged Users Execute OS Commands
Sonatype disclosed **CVE-2026-10748**, a high-severity remote code execution flaw in **Nexus Repository 3** affecting versions before **3.92.0**. The vulnerability stems from unsafe deserialization in license handling and allows an authenticated user with the `nx-licensing-create` privilege to upload a crafted license file and execute arbitrary operating system commands as the Nexus process user. The issue carries a **CVSS 4.0 score of 8.6**. Organizations running Nexus Repository 3 are being urged to upgrade to **3.92.0 or later**, apply vendor patches, and tightly restrict assignment of the `nx-licensing-create` privilege to reduce exposure. A separate F5 advisory also noted **CVE-2026-42530** affecting the **NGINX `ngx_http_v3_module`**, but no technical synopsis was provided in the available reference.
Jun 17, 2026
Cisco Discloses XSS in Catalyst SD-WAN Manager and SSRF in Nexus Dashboard
Cisco published security advisories for two enterprise management platforms: a cross-site scripting (**XSS**) flaw in **Cisco Catalyst SD-WAN Manager** and a server-side request forgery (**SSRF**) flaw affecting **Cisco Nexus Dashboard** and **Cisco Nexus Dashboard Insights**. The issues affect products used to centrally manage networking infrastructure, raising the risk that attackers could target administrative interfaces and backend request handling in high-value environments. The advisories identify separate web-application security weaknesses in Cisco's network management stack, with one issue tied to malicious script execution in the SD-WAN management interface and the other to unauthorized server-side requests from Nexus Dashboard components. Organizations using these platforms should review Cisco's product advisories, determine affected deployments, and prioritize remediation or mitigations for exposed management systems.
Apr 1, 2026