๐Ÿ” CVE Alert

CVE-2026-11403

UNKNOWN 0.0

Nexus Repository Manager - Insufficient Entropy in Format-Specific API Key Generation

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

A vulnerability in Sonatype Nexus Repository Manager's format-specific API key generation may allow a remote attacker to gain unauthorized access to repository operations as a targeted user. A format-specific API key realm (NuGet API Key, Docker Bearer Token, or npm Bearer Token) must be enabled and the targeted user must have an active API key for this vulnerability to be exploitable.

CWE CWE-331
Vendor sonatype
Product nexus repository manager
Published Jul 14, 2026
Last Updated Jul 14, 2026
Stay Ahead of the Next One

Get instant alerts for sonatype nexus repository manager

Be the first to know when new unknown vulnerabilities affecting sonatype nexus repository manager are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Sonatype / Nexus Repository Manager
3.0.0 < 3.93.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
help.sonatype.com: https://help.sonatype.com/en/sonatype-nexus-repository-3-93-0-release-notes.html support.sonatype.com: https://support.sonatype.com/hc/en-us/articles/52347011450515/

Credits

Sanjok Karki (@thesanjok) of National Forensic Sciences University, Goa.