CVE-2026-10741

UNKNOWN 0.0

Nexus Repository Manager - Incorrect Authorization allows credential disclosure via proxy repository configuration

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegated repository administrator to disclose stored upstream proxy credentials.

CWE	CWE-863
Vendor	sonatype
Product	nexus repository manager
Published	Jun 17, 2026
Last Updated	Jun 17, 2026

Stay Ahead of the Next One

Get instant alerts for sonatype nexus repository manager

Be the first to know when new unknown vulnerabilities affecting sonatype nexus repository manager are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Sonatype / Nexus Repository Manager

3.1.0 < 3.93.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

help.sonatype.com: https://help.sonatype.com/en/sonatype-nexus-repository-3-93-0-release-notes.html support.sonatype.com: https://support.sonatype.com/hc/en-us/articles/52341191736851

Credits

Ho Boon Suan