Description
A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control.
Published: 2026-04-08
Score: 9.4 Critical
EPSS: n/a
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A flaw in the task management component of Sonatype Nexus Repository Manager allows an authenticated user who can create tasks to submit malicious data that is executed as code when the task runs. By crafting a vulnerability‑laden task, the attacker can bypass the nexus.scripts.allowCreation control and run arbitrary commands with the privileges of the Nexus process, compromising confidentiality, integrity, and availability.

Affected Systems

Sonatype Nexus Repository Manager versions 3.22.1 through 3.90.2 are affected. This includes all releases in that range as listed by the CNA.

Risk and Exploitability

The CVSS score of 9.4 signals a high‑magnitude risk. Exploitation requires the attacker to be authenticated and possess task creation rights, a permission typically held by developers or administrators. No public exploitation data is currently available, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Once the attacker submits a malicious task, code executes with the Nexus process privileges, giving the attacker full control over the server.

Generated by OpenCVE AI on April 8, 2026 at 23:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Nexus Repository Manager version 3.91.0 or later, where the issue is fixed.
  • Restrict task creation permissions to trusted users only.
  • Ensure the nexus.scripts.allowCreation property is enabled when task creation is required.
  • Monitor logs for unexpected or unauthorized task creation activity.
  • Apply general system hardening if an immediate upgrade is not possible.

Generated by OpenCVE AI on April 8, 2026 at 23:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 22:30:00 +0000

Type Values Removed Values Added
Description A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control.
Title Nexus Repository 3 - Authenticated Remote Code Execution via Task Property Injection
First Time appeared Sonatype
Sonatype nexus Repository Manager
Weaknesses CWE-502
CPEs cpe:2.3:a:sonatype:nexus_repository_manager:3.22.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.23.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.24.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.25.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.25.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.26.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.26.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.27.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.28.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.28.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.29.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.29.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.30.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.30.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.31.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.31.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.32.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.32.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.33.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.33.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.34.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.34.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.35.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.36.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.37.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.37.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.37.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.37.3:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.38.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.38.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.39.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.40.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.40.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.41.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.41.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.42.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.43.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.44.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.45.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.45.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.46.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.47.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.47.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.48.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.49.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.50.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.51.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.52.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.53.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.53.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.54.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.54.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.55.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.56.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.57.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.57.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.58.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.58.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.59.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.60.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.61.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.62.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.63.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.64.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.65.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.66.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.67.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.67.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.68.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.68.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.69.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.70.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.70.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.70.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.70.3:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.71.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.72.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.73.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.74.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.75.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.75.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.76.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.76.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.77.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.78.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.78.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.79.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.80.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.81.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.82.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.83.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.83.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.83.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.84.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.84.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.85.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.86.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.86.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.87.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.87.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.88.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.89.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.90.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.90.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.90.2:*:*:*:*:*:*:*
Vendors & Products Sonatype
Sonatype nexus Repository Manager
References
Metrics cvssV4_0

{'score': 9.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:L'}

Subscriptions

Sonatype Nexus Repository Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: Sonatype

Published:

Updated: 2026-04-08T22:17:10.117Z

Reserved: 2026-02-25T13:05:59.905Z

Link: CVE-2026-3199

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-04-08T23:16:59.160

Modified: 2026-04-08T23:16:59.160

Link: CVE-2026-3199

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-09T08:25:43Z

Weaknesses