PatchSiren cyber security CVE debrief
CVE-2026-3329 Sonatype CVE debrief
CVE-2026-3329 is a HIGH severity vulnerability with a CVSS score of 8.7. A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints. The CVE was published on 2026-06-11T18:16:25.343Z and last modified on 2026-06-11T21:02:42.240Z.
- Vendor: Sonatype
- Product: Nexus Repository Manager
- CVSS: HIGH 8.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-11
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-11
- Advisory updated: 2026-06-11
Who should care
Users of Sonatype Nexus Repository should review and apply patches as recommended by the vendor.
Technical summary
The vulnerability affects Sonatype Nexus Repository and allows remote unauthenticated attackers to conduct credential-guessing attacks via authentication endpoints. The Common Vulnerability Scoring System (CVSS) score is 8.7, indicating a HIGH severity level.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates provided by Sonatype as soon as possible.
- Review authentication endpoints and ensure proper security measures are in place.
- Monitor user accounts for suspicious activity.
Evidence notes
The vendor is listed as Unknown Vendor, but evidence suggests the product is Sonatype Nexus Repository.
Official resources
- CVE-2026-3329 CVE record (CVE.org)
- CVE-2026-3329 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 103e4ec9-0a87-450b-af77-479448ddef11