PatchSiren

Sonatype CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Sonatype CVE published 2026-06-17

CVE-2026-10741

A medium-severity authorization vulnerability (CVSS Score: 5.9) was discovered in Sonatype Nexus Repository Manager before version 3.93.0. The vulnerability allows a delegated repository administrator to disclose stored upstream proxy credentials through the proxy repository configuration. This issue was publicly disclosed on June 17, 2026. Organizations using affected versions of Sonatype Nexus Repositor [truncated]

HIGH Sonatype CVE published 2026-06-16

CVE-2026-10748

CVE-2026-10748 is a high-severity vulnerability in Sonatype Nexus Repository 3, with a CVSS score of 8.6. An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating system commands as the Nexus process user in versions before 3.92.0.

HIGH Sonatype CVE published 2026-06-11

CVE-2026-3329

CVE-2026-3329 is a high-severity vulnerability with a CVSS score of 8.7. A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints. The CVE was published on 2026-06-11T18:16:25.343Z and last modified on 2026-06-11T21:02:42.240Z.

Known exploited Sonatype CVE published 2021-12-10

CVE-2019-7238

CVE-2019-7238 concerns an incorrect access control vulnerability in Sonatype Nexus Repository Manager. It is listed in CISA’s Known Exploited Vulnerabilities catalog, which means it should be treated as a high-priority remediation item. The supplied official sources do not provide version ranges or deeper technical detail, so the safest response is to follow vendor update guidance and confirm the affected [truncated]

Known exploited Sonatype CVE published 2021-11-03

CVE-2020-10199

CVE-2020-10199 is a Sonatype Nexus Repository remote code execution vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2021-11-03. The official guidance in the supplied corpus is to apply updates per vendor instructions, making this an urgent patching item for any affected deployment.