Nexus by Sonatype is a repository manager that organizes, stores, and distributes artifacts needed for development. With Nexus, developers can completely control access to and deployment of every artifact in an organization from a single location, making it easier to distribute software.

Sonatype Nexus

A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control.

CVE-2026-3199

Identifiant CVE	Sévérité	Score	Technologies	Nom du composant	Exploit CISA KEV	A corrigé	Date de publication
CVE-2026-3199	CRITICAL	9.4	Sonatype Nexus	cpe:2.3:a:sonatype:nexus_repository_manager	Non	Oui	Apr 08, 2026
CVE-2026-5189	CRITICAL	9.2	Sonatype Nexus	cpe:2.3:a:sonatype:nexus_repository_manager_3	Non	Oui	Apr 15, 2026
CVE-2026-3438	MEDIUM	5.1	Sonatype Nexus	cpe:2.3:a:sonatype:nexus_repository_manager	Non	Oui	Apr 08, 2026
CVE-2026-0601	MEDIUM	5.1	Sonatype Nexus	cpe:2.3:a:sonatype:nexus_repository_manager	Non	Oui	Jan 14, 2026
CVE-2025-13488	MEDIUM	5.1	Sonatype Nexus	cpe:2.3:a:sonatype:nexus_repository_manager	Non	Oui	Dec 04, 2025

CVE-2026-3199:
Sonatype Nexus Analyse et atténuation des vulnérabilités

9.4

Apparenté Sonatype Nexus Vulnérabilités:

Évaluez votre posture de sécurité dans le cloud

Ressources Wiz supplémentaires

PEACH

Prêt(e) à voir Wiz en action ?

CVE-2026-3199: Sonatype Nexus Analyse et atténuation des vulnérabilités