CVE-2026-14504
Nexus Repository 3 - Authorization Bypass in Component Upload API
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
An authorization bypass in Nexus Repository 3's component upload API allowed a user with only read/browse privileges on a Swift, Terraform, or Conda hosted repository to upload arbitrary artifacts, bypassing the intended write-permission check.
| CWE | CWE-862 |
| Vendor | sonatype |
| Product | nexus repository 3 |
| Published | Jul 14, 2026 |
| Last Updated | Jul 15, 2026 |
Stay Ahead of the Next One
Get instant alerts for sonatype nexus repository 3
Be the first to know when new unknown vulnerabilities affecting sonatype nexus repository 3 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Sonatype / Nexus Repository 3
3.88.0 < 3.94.0
References
Credits
muhammaddaffa