Back to CVE List

CVE-2026-14504

Vulnerability Description

An authorization bypass in Nexus Repository 3's component upload API allowed a user with only read/browse privileges on a Swift, Terraform, or Conda hosted repository to upload arbitrary artifacts, bypassing the intended write-permission check.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-862
Source
NVD
Vendor
Sonatype
Product
Nexus Repository 3

External References

Discussion (0)

Add Comment

No comments yet. Be the first!