๐Ÿ” CVE Alert

CVE-2026-14504

UNKNOWN 0.0

Nexus Repository 3 - Authorization Bypass in Component Upload API

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

An authorization bypass in Nexus Repository 3's component upload API allowed a user with only read/browse privileges on a Swift, Terraform, or Conda hosted repository to upload arbitrary artifacts, bypassing the intended write-permission check.

CWE CWE-862
Vendor sonatype
Product nexus repository 3
Published Jul 14, 2026
Last Updated Jul 15, 2026
Stay Ahead of the Next One

Get instant alerts for sonatype nexus repository 3

Be the first to know when new unknown vulnerabilities affecting sonatype nexus repository 3 are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Sonatype / Nexus Repository 3
3.88.0 < 3.94.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
help.sonatype.com: https://help.sonatype.com/en/sonatype-nexus-repository-3-94-0-release-notes.html support.sonatype.com: https://support.sonatype.com/hc/en-us/articles/53137654741907

Credits

muhammaddaffa