Description
An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating system commands as the Nexus process user in Sonatype Nexus Repository 3 versions before 3.92.0.
Published: 2026-06-16
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file that triggers Java object deserialization by the Nexus process. This flaw allows the attacker to execute arbitrary operating system commands as the Nexus user, effectively compromising the host. The vulnerability is a classic example of insecure deserialization (CWE-502) and results in a high‑impact remote code execution scenario where the attacker gains full system control over the running Nexus instance.

Affected Systems

Sonatype Nexus Repository 3 releases before 3.92.0 are vulnerable. This includes versions 3.0.0 through 3.91.1 as enumerated in the supplied CPE list, covering a wide range of early and intermediate releases.

Risk and Exploitability

The CVSS score of 8.6 indicates a high severity. However, the EPSS score of less than 1% suggests that the likelihood of exploitation is low at this time, and the vulnerability is not currently listed in the CISA KEV catalog. The likely attack vector requires legitimate authentication with the nx-licensing-create privilege, typically performed by administrators or automated processes that manage Nexus licenses. Once the privilege is established, an attacker can upload a malicious license file to trigger the deserialization flaw and execute commands as the Nexus process user.

Generated by OpenCVE AI on June 17, 2026 at 18:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Sonatype Nexus Repository to version 3.92.0 or later where the deserialization flaw has been fixed.
  • Review and tightly restrict the nx-licensing-create privilege to only the users who need to upload or manage licenses, reducing the attack surface for authenticated attackers.
  • If license upload is not required for your deployment, disable or remove the licensing upload endpoint and audit the logs for any unexpected license upload attempts.
  • Consider implementing additional input validation or a whitelist for license files to mitigate serialization attacks, following the CWE‑502 remediation guidelines.

Generated by OpenCVE AI on June 17, 2026 at 18:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 16 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Description An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating system commands as the Nexus process user in Sonatype Nexus Repository 3 versions before 3.92.0.
Title Nexus Repository 3 - Remote Code Execution via License Deserialization
First Time appeared Sonatype
Sonatype nexus Repository Manager
Weaknesses CWE-502
CPEs cpe:2.3:a:sonatype:nexus_repository_manager:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.10.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.11.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.12.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.12.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.13.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.14.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.15.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.15.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.15.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.16.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.16.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.16.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.17.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.18.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.18.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.19.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.19.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.20.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.20.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.21.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.21.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.21.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.22.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.22.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.23.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.24.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.25.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.25.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.26.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.26.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.27.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.28.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.28.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.29.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.29.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.30.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.30.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.31.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.31.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.32.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.32.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.33.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.33.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.34.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.34.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.35.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.36.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.37.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.37.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.37.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.37.3:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.38.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.38.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.39.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.40.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.40.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.41.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.41.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.42.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.43.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.44.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.45.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.45.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.46.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.47.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.47.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.48.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.49.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.5.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.50.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.51.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.52.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.53.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.53.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.54.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.54.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.55.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.56.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.57.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.57.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.58.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.58.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.59.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.6.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.6.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.60.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.61.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.62.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.63.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.64.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.65.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.66.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.67.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.67.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.68.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.68.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.69.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.7.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.70.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.70.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.70.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.70.3:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.70.4:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.70.5:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.71.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.72.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.73.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.74.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.75.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.75.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.76.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.76.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.77.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.78.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.78.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.79.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.8.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.80.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.81.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.82.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.83.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.83.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.83.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.84.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.84.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.84.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.85.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.85.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.86.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.86.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.86.3:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.87.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.87.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.87.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.88.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.89.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.89.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.9.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.90.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.90.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.90.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.90.3:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.91.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.91.1:*:*:*:*:*:*:*
Vendors & Products Sonatype
Sonatype nexus Repository Manager
References
Metrics cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Sonatype Nexus Repository Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: Sonatype

Published:

Updated: 2026-06-17T03:56:04.678Z

Reserved: 2026-06-03T13:43:46.540Z

Link: CVE-2026-10748

cve-icon Vulnrichment

Updated: 2026-06-16T19:03:30.780Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T19:16:30.607

Modified: 2026-06-16T20:46:47.250

Link: CVE-2026-10748

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-16T20:30:03Z

Weaknesses
  • CWE-502

    Deserialization of Untrusted Data