Sonatype Nexus Repository Manager

XSS via Repository HTML Index in Nexus Repository 3.6.0-3.92.0
CVE-2026-7308 - May 11, 2026

An authenticated user with upload permission to a hosted repository can store content that causes arbitrary JavaScript to execute in the browser of any user who browses that repository directory via the HTML index page in Sonatype Nexus Repository versions 3.6.0 through versions before 3.92.0. This could allow the attacker to perform actions in the context of the victim's session.

XSS

Server-Side Connection Initiation in Nexus Repository Manager 3.x via LDAP Admin
CVE-2026-3048 - May 11, 2026

An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP server.

Marshaling, Unmarshaling

Hard-Coded Credentials in Nexus Repository Manager 3.0.0-3.70.5 Allow Unauth OS Cmds
CVE-2026-5189 - April 15, 2026

CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitation requires the non-default nexus.orient.binaryListenerEnabled=true configuration to be enabled.

Use of Hard-coded Credentials

Sonatype Nexus 3.22.1-3.90.2 Task Exec perm bypassing nexus.scripts.allowCreation
CVE-2026-3199 - April 08, 2026

A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control.

Marshaling, Unmarshaling

Reflected XSS in Sonatype Nexus Repo 3.0.0-3.90.2 via Craft URL
CVE-2026-3438 - April 08, 2026

A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted URL. Exploitation requires user interaction.

XSS

Nexus Repository 3 SSRF via Proxy Repo URL (v3.0.0+; fixed 3.88.0+)
CVE-2026-0600 - January 14, 2026

Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network resources. A workaround configuration is available starting in version 3.88.0, but the product remains vulnerable by default.

SSRF

CVE-2026-0601: Reflected XSS in Nexus Repository 3 via Unsanitized Input
CVE-2026-0601 - January 14, 2026

A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted request requiring user interaction.

XSS

Sonatype Nexus Repo 3.83.0: XSS from missing security header
CVE-2025-13488 - December 04, 2025

Due to a regression introduced in version 3.83.0, a security header is no longer applied to certain user-uploaded content served from repositories. This may allow an authenticated attacker with repository upload privileges to exploit a stored cross-site scripting (XSS) vulnerability with user context.

XSS

SSRF in Sonatype Nexus Repository 2.15.2 Remote Browser Plugin
CVE-2025-9868 - October 08, 2025

Server-Side Request Forgery (SSRF) in the Remote Browser Plugin in Sonatype Nexus Repository 2.x up to and including 2.15.2 allows unauthenticated remote attackers to exfiltrate proxy repository credentials via crafted HTTP requests.

SSRF

Sonatype Nexus Repository Manager 3.x before 3.38.0
CVE-2022-27907 4.3 - Medium - March 30, 2022

Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF.

SSRF

Sonatype Nexus Repository Manager 3.36.0
CVE-2021-43961 4.3 - Medium - March 17, 2022

Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.

XSS

Sonatype Nexus Repository Manager 3.x before 3.36.0
CVE-2021-43293 4.3 - Medium - November 04, 2021

Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF).

SSRF

Sonatype Nexus Repository Manager 3.x through 3.35.0
CVE-2021-42568 4.3 - Medium - November 02, 2021

Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account.

Information Disclosure

Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0
CVE-2021-37152 5.4 - Medium - August 10, 2021

Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Managers pages with code modifications.

XSS

Sonatype Nexus Repository Manager 3.x before 3.31.0
CVE-2021-34553 4.3 - Medium - June 18, 2021

Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access.

Directory traversal

A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1
CVE-2021-29159 6.1 - Medium - April 28, 2021

A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of the NXRM application.

XSS

Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories
CVE-2021-30635 5.3 - Medium - April 27, 2021

Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed).

Directory traversal

Sonatype Nexus Repository Manager 3.x before 3.29.0
CVE-2020-29436 6.5 - Medium - December 17, 2020

Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Fixed in version 3.29.0.

XXE

A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19
CVE-2020-15012 8.6 - High - October 12, 2020

A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. A user that requests a crafted path can traverse up the file system to get access to content on disk (that the user running nxrm also has access to).

Directory traversal

An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1
CVE-2020-11415 - April 27, 2020

An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve the LDAP server system username/password (as configured in nxrm) in cleartext.

There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475)
CVE-2019-15588 7.2 - High - November 01, 2019

There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data is vulnerable, such as the Yum Configuration Capability.

Shell injection

Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19
CVE-2019-16530 7.2 - High - October 21, 2019

Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution.

Unrestricted File Upload

Sonatype Nexus Repository Manager 2.x before 2.14.15
CVE-2019-15893 7.2 - High - October 16, 2019

Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution.

The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data
CVE-2019-5475 8.8 - High - September 03, 2019

The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.

Shell injection

In Nexus Repository Manager before 3.18.0, users with elevated privileges
CVE-2019-14469 - August 22, 2019

In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS.

Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).
CVE-2019-9629 - July 08, 2019

Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).

Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images.
CVE-2019-9630 - July 08, 2019

Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images.

Sonatype Nexus Repository Manager 2.x before 2.14.13
CVE-2019-11629 6.1 - Medium - May 07, 2019

Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS.

XSS

Sonatype Nexus Repository Manager before 3.14
CVE-2018-16619 6.1 - Medium - November 15, 2018

Sonatype Nexus Repository Manager before 3.14 allows XSS.

XSS

Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control.
CVE-2018-16620 7.5 - High - November 15, 2018

Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control.

AuthZ

Sonatype Nexus Repository Manager before 3.14
CVE-2018-16621 7.2 - High - November 15, 2018

Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.

EL Injection

Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS in multiple areas in the Administration UI.
CVE-2018-12100 4.8 - Medium - June 11, 2018

Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS in multiple areas in the Administration UI.

XSS

Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8
CVE-2018-5306 6.1 - Medium - February 09, 2018

Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality.

XSS

Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6
CVE-2018-5307 6.1 - Medium - February 09, 2018

Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality.

XSS