CVE-2026-14504
Vulnerability Description
An authorization bypass in Nexus Repository 3's component upload API allowed a user with only read/browse privileges on a Swift, Terraform, or Conda hosted repository to upload arbitrary artifacts, bypassing the intended write-permission check.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-862
Source
NVD
Vendor
Sonatype
Product
Nexus Repository 3
Discussion (0)
Add Comment
No comments yet. Be the first!