CVE-2026-10748

Published: Jun 16, 2026 Last Modified: Jun 16, 2026
HIGH 8.6
Source: 103e4ec9-0a87-450b-af77-479448ddef11
Attack Vector: network
Attack Complexity: low
Privileges Required: high
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A

Description

An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating system commands as the Nexus process user in Sonatype Nexus Repository 3 versions before 3.92.0.

CWE-502: Deserialization of Untrusted Data

Draft
Common Consequences
Security Scopes Affected:
Integrity, Availability, Other
Potential Impacts:
Modify Application Data; Unexpected State; DoS: Resource Consumption (CPU); Varies by Context
Applicable Platforms
Languages: Java, Ruby, PHP, Python, JavaScript
Technologies: Not Technology-Specific, ICS/OT, AI/ML
https://help.sonatype.com/en/sonatype-nexus-repository-3-92-0-release-notes.html
https://support.sonatype.com/hc/en-us/articles/52335766035603