Auth bypass in Sonatype Nexus Repository Manager
CVE-2026-10741
Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegated repository administrator to disclose stored upstream proxy credentials.
Vulnerability class: Broken Access Control
Affected products
- Sonatype Nexus Repository Manager — versions 3.1.0
Weakness classification (CWE)
References
- 103e4ec9-0a87-450b-af77-479448ddef11 (patch)
- 103e4ec9-0a87-450b-af77-479448ddef11 (vendor-advisory)