CVE-2026-10748
HighCVSS 8.6Exploitation Probability (EPSS)
Low risk21th percentile - higher than 21% of all known CVEs
Summary
An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating system commands as the Nexus process user in Sonatype Nexus Repository 3 versions before 3.92.0.
Risk Assessment
The ability to execute arbitrary operating system commands poses a serious threat to the integrity and security of the system, potentially leading to unauthorized access to data.
Recommendation
It is recommended to upgrade to version 3.92.0 or later to mitigate this vulnerability.
Original NVD description (English source)
An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating system commands as the Nexus process user in Sonatype Nexus Repository 3 versions before 3.92.0.

