Nexus Repository 3 – Authenticated Remote Code Execution via Task...

9.4 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:L

Description

A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control.

Basic Information

ID CVE-2026-3199

Source Sonatype

Published Apr 8, 2026 at 22:17

Modified Apr 9, 2026 at 13:17

Affected Product

Vendor Sonatype

Product Nexus Repository

Version 3.22.1

Affected Versions Sonatype Nexus Repository 3.22.1

CWE Classification

CWE-502

References

{
    "lastseen": "",
    "description": "A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control.",
    "published": "2026-04-08T22:17:10.117Z",
    "modified": "2026-04-09T13:17:32.341Z",
    "type": "cve",
    "title": "Nexus Repository 3 - Authenticated Remote Code Execution via Task Property Injection",
    "source": "Sonatype",
    "references": "https://help.sonatype.com/en/sonatype-nexus-repository-3-91-0-release-notes.html\nhttps://support.sonatype.com/hc/en-us/articles/50615414548499",
    "id": "CVE-2026-3199",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502"
    ],
    "cvelist": null,
    "sourceData": "Sonatype Nexus Repository 3.22.1",
    "sourceHref": "",
    "cvss": {
        "score": 9.4,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:L",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Nexus Repository",
    "version": "3.22.1",
    "vendor": "Sonatype",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Nexus Repository 3 – Authenticated Remote Code Execution via Task Property Injection_CVE-2026-3199