CVE-2026-3199

Vulnerability Description

A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control.

Vulnerability Details

Published Date

April 08, 2026

Last Modified

April 13, 2026

CWE ID

CWE-502

Source

NVD

External References

https://help.sonatype.com/en/sonatype-nexus-repository-3-91-0-release-notes.html
https://support.sonatype.com/hc/en-us/articles/50615414548499

CVE-2026-3199

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment