
CVE-2026-5189

Published 15/04/2026 19:16 · Modified 15/04/2026 19:16

Labels: CVE-2026-5189, 103e4ec9-0a87-450b-af77-479448ddef11, 2026-04-15, CWE-798

Essential information

Published: 15/04/2026 19:16
Modified: 15/04/2026 19:16
Author:
Creator:
CVSS: 9.2 CRITICAL (v3), 9.2 CRITICAL (v4.0)
CISA KEV: No
CWE:
CVSS vector:

CVSS metrics

Description

CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitation requires the non-default nexus.orient.binaryListenerEnabled=true configuration to be enabled.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: 103e4ec9-0a87-450b-af77-479448ddef11

Affected products (CPE)

Product: sonatype / nexus repository manager
CPE: cpe:2.3:a:sonatype:nexus_repository_manager:3.0.0-3.70.5:*:*:*:*:*:*:*

References