Vulnerability Description
A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control.
References
- https://help.sonatype.com/en/sonatype-nexus-repository-3-91-0-release-notes.html
- https://support.sonatype.com/hc/en-us/articles/50615414548499
FAQ
What is CVE-2026-3199?
CVE-2026-3199 is a vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 that allows an authenticated attacker with task creation permissions to execute arbitrary code, ...
How severe is CVE-2026-3199?
CVSS scoring is not yet available for CVE-2026-3199. Check NVD for updates.
Is there a patch for CVE-2026-3199?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.