CVE-2026-11403
Nexus Repository Manager - Insufficient Entropy in Format-Specific API Key Generation
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability in Sonatype Nexus Repository Manager's format-specific API key generation may allow a remote attacker to gain unauthorized access to repository operations as a targeted user. A format-specific API key realm (NuGet API Key, Docker Bearer Token, or npm Bearer Token) must be enabled and the targeted user must have an active API key for this vulnerability to be exploitable.
| CWE | CWE-331 |
| Vendor | sonatype |
| Product | nexus repository manager |
| Published | Jul 14, 2026 |
| Last Updated | Jul 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for sonatype nexus repository manager
Be the first to know when new unknown vulnerabilities affecting sonatype nexus repository manager are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Sonatype / Nexus Repository Manager
3.0.0 < 3.93.0
References
Credits
Sanjok Karki (@thesanjok) of National Forensic Sciences University, Goa.