CVE Catalog

CVE-2026-10748

HighCVSS 8.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

21th percentile - higher than 21% of all known CVEs

Summary

An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating system commands as the Nexus process user in Sonatype Nexus Repository 3 versions before 3.92.0.

Risk Assessment

The ability to execute arbitrary operating system commands poses a serious threat to the integrity and security of the system, potentially leading to unauthorized access to data.

Recommendation

It is recommended to upgrade to version 3.92.0 or later to mitigate this vulnerability.

Original NVD description (English source)

An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating system commands as the Nexus process user in Sonatype Nexus Repository 3 versions before 3.92.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS