Credential-guessing via authenticated endpoints in Sonatype Nexus Repository
CVE-2026-3329 Published on June 11, 2026

Nexus Repository Manager - Improper Restriction of Excessive Authentication Attempts
A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints.

Vendor Advisory NVD

Weakness Type

Improper Restriction of Excessive Authentication Attempts

The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks.

Products Associated with CVE-2026-3329

Want to know whenever a new CVE is published for Sonatype Nexus Repository Manager? stack.watch will email you.

Sonatype Nexus Repository Manager

Affected Versions

Sonatype Nexus Repository Manager:

Version 3.0.0 and below 3.93.0 is affected.

Credential-guessing via authenticated endpoints in Sonatype Nexus RepositoryCVE-2026-3329 Published on June 11, 2026

Weakness Type

Improper Restriction of Excessive Authentication Attempts

Products Associated with CVE-2026-3329

Affected Versions

Credential-guessing via authenticated endpoints in Sonatype Nexus Repository
CVE-2026-3329 Published on June 11, 2026