Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

CVE-2026-10741 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2026-10741

CVE-2026-10741

MEDIUM5.9

Nexus Repository Manager - Incorrect Authorization allows credential disclosure via proxy repository configuration

Published Jun 17, 2026

Modified 6 days ago

Details

Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegated repository administrator to disclose stored upstream proxy credentials.

References

FIX

https://help.sonatype.com/en/sonatype-nexus-repository-3-93-0-release-notes.html

ADVISORY

https://support.sonatype.com/hc/en-us/articles/52341191736851

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2026-10741

CVSS Analysis

CVSS v4.0

5.9

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Attack Requirements

PresentAT:P

Privileges Required

HighPR:H

User Interaction

NoneUI:N

Vulnerable System

Vuln. Confidentiality

HighVC:H

Vuln. Integrity

NoneVI:N

Vuln. Availability

NoneVA:N

Subsequent System

Subseq. Confidentiality

LowSC:L

Subseq. Integrity

NoneSI:N

Subseq. Availability

NoneSA:N

5.9/CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N

Weakness Type (CWE)

Access Control

CWE-863

Incorrect Authorization

Ecosystems

Timeline

PublishedJun 17, 2026

ModifiedJun 17, 2026